Log analysis and evaluation: wgsdgsdgdsgsd.exe
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.12.2012, 15:13 | #1
wgsdgsdgdsgsd.exe
Hello, unfortunately I also have the above-mentioned trojan on my hard drive. I removed files using G Data and then Malwarebytes (I only came across the instructions here afterwards, sorry). Here are the logs from OTL:
Code:
OTL Extras logfile created on: 28.12.2012 14:54:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan Zierau (CLS)\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,94 Gb Total Physical Memory | 5,46 Gb Available Physical Memory | 68,73% Memory free
15,88 Gb Paging File | 12,62 Gb Available in Paging File | 79,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 469,69 Gb Total Space | 391,65 Gb Free Space | 83,39% Space Free | Partition Type: NTFS
Drive E: | 698,46 Gb Total Space | 432,82 Gb Free Space | 61,97% Space Free | Partition Type: FAT32
Drive F: | 461,72 Gb Total Space | 417,91 Gb Free Space | 90,51% Space Free | Partition Type: NTFS
Computer Name: STEFANZIERAUCLS | User Name: Stefan Zierau (CLS) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1183811218-3521244880-1234998308-1000\SOFTWARE\Classes\<extension>] .txt [@ = txtfile] -- C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe (Just Great Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08969E81-32CE-4F8B-8D91-8BF244975D2B}" = lport=137 | protocol=17 | dir=in | app=system | "{1C26869C-8D1B-49AA-BD9F-DFE17E932A8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3383E314-5D05-4506-ABC7-6B67528025E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{38BC2466-4D65-4FAA-AA36-A4653AA6E35E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{469CD8C5-778A-4F9B-9CAA-99114235B20A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{59AE3363-5E05-4454-804F-555E16A5B34F}" = lport=2869 | protocol=6 | dir=in | app=system | "{5A3F9391-8D40-4A7A-9A1E-74A84BF9AF89}" = rport=139 | protocol=6 | dir=out | app=system | "{74721EA1-1AD4-4C30-AF09-DD35E4815C72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7F88ABA2-1EEA-41B4-B617-D69228310435}" = lport=10243 | protocol=6 | dir=in | app=system | "{80AE3028-342F-4B6D-BC6C-718D5E4D8A11}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9753A13F-EFE6-4849-90E2-FBD00EC3D4FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A4179FF1-13C1-44E7-9B13-8DCB69861B44}" = rport=10243 | protocol=6 | dir=out | app=system | "{B1CE8491-0252-49F5-9D7E-C2E77C709996}" = lport=138 | protocol=17 | dir=in | app=system | "{BC15619F-3E2A-4132-AFBD-32D2134A938D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C26A726C-00FE-46DC-8FAA-3232223117C7}" = lport=445 | protocol=6 | dir=in | app=system | "{D23E354A-F7D9-415D-939B-B7CEA2686361}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D968F73B-689F-40B6-BDA7-BEC0312ED86E}" = rport=138 | protocol=17 
| dir=out | app=system | "{DA2A7FAD-B0B7-4F51-A63B-6613B3CA93DF}" = lport=139 | protocol=6 | dir=in | app=system | "{EB34A8E3-531F-475E-B990-40061B55EEE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F07FCD16-31BB-40EB-A413-173D347E6855}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{F567095E-61EB-45B7-8094-25A0E13FE2D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F63BB4A4-0B5E-4979-A172-8838E6C1B6E4}" = rport=445 | protocol=6 | dir=out | app=system | "{F947A85F-02FD-4168-BB37-DB3025881151}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF0C67F1-17FC-45FE-AD96-CEFBE180E953}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E7D4920-D637-4D8E-AC7D-7B754CB34312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{101D5BF8-7518-427F-9976-6B893BCA0377}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | "{3015DF76-9E27-433B-813E-FE46E1F323C5}" = protocol=6 | dir=out | app=system | "{3B36F75F-7AF4-4531-A578-D415E193BE28}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "{3C3CEAAA-7494-4C6B-8E82-BF9CDD92CD9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{406F7F36-F569-4B27-9F18-C1B573409D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{408E95B1-7147-402D-9272-40248FF42D97}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{45F479F6-7D71-4A71-9430-32ECEC1DCD77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4CA218AE-BDA0-47F5-B1C7-76B561A72B87}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{4FCB8D0F-8C9B-4076-BF28-DA696FDF098F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{51F6C2D0-632B-42CB-9839-764172A7780A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | "{5485D5A9-0B01-4A46-BB34-1FAA9F1A0198}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | "{559BC925-0DA4-4000-9F7E-90984BF34875}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5BE273B4-1C94-4485-B46E-A99AA1FBC301}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6B94A918-9D53-4D65-94A2-951807707FB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7445F8C1-3A9F-4C49-BEA5-C707244A8125}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7A0CEEBB-0B40-401B-8D87-11B77378BB4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7D4E5BE5-3DFF-4C36-995F-A51E1658D5BA}" = protocol=17 | dir=in | app=c:\program files (x86)\moony\moony.exe | "{7DC577CB-F936-4C8D-8AB5-3F24C846D7A3}" = protocol=6 | dir=in | app=c:\program files (x86)\moony\moony.exe | "{89FCBD3F-8E59-428A-B9F4-945C99B847BA}" = protocol=17 | dir=in | app=c:\program files (x86)\mirabyte\superhtml web studio\shtml85.exe | "{8EDBEDC5-18B4-4AE6-9D76-AC271F737A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9F7677A9-A3EC-46FC-9EC1-7020AE47CBA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC544C64-0441-498B-A140-56A25E076696}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{ADA4539C-969A-4C24-B2B5-82A9BE84B10C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B88B2D92-810C-43F4-A4BE-715DCAC02891}" = protocol=6 | dir=in | app=c:\program files (x86)\mirabyte\superhtml web 
studio\shtml85.exe | "{BCB6E4B1-2E43-4698-B3C3-06AAB9C8611A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BDFAD30C-E320-4547-8BB3-4EFF602C391B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C16B6CD7-97D3-4F04-8758-0ED5BF50F57C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D1F0D186-6463-4AE7-AFA8-48D4F4994BA3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DA8852BD-93FF-4241-9F52-C5D3A9CC20CC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E3BBCAA4-9319-436C-91F5-24E8FBE18919}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{1241CE77-0B65-40A0-B893-02EA49E35332}" = HP Officejet Pro 8600 - Grundlegende Software für das Gerät "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4DF1691E-8012-4E7C-89CF-3F7B9146DA6E}" = Studie zur Verbesserung von HP Officejet Pro 8600 Produkten "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{EC8C0607-58EC-4A27-BF6E-ED8F03FE19CE}" = Deutsche Tastatur - gravurkompatibel zur T2-Belegung gemäß DIN 2137-1:2012-06 - V1.05 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "0630-0716-3135-7887" = JDownloader 2 "AVM ISDN TAPI Services" = AVM ISDN TAPI Services for CAPI "Ditto_is1" = Ditto "EditPad Lite" = EditPad Lite DE 7.1.2 "Microsoft .NET Framework 4 Client Profile" = 
Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PAYBACK Toolbar x64_is1" = PAYBACK Toolbar x64 1.2 "SP6" = Logitech SetPoint 6.32 "TeraCopy_is1" = TeraCopy 2.27 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11 "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{098F8AD3-DAC4-4B37-B9F8-4F9E92B41BE7}" = Adobe Setup "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{14F7A428-50E7-49FA-9C80-A94C4DFF4ED1}_is1" = T2-Tastatur Belegungsschaubild Version 1.05 "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B2AC1F-EC9B-4187-9A02-BC46A2B4FE9D}" = Enfocus PitStop Pro "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{31D72726-2A42-11E1-9D98-20824824019B}_is1" = SuperHTML Web Studio 8.5.6 "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II 
"{3C1BB9E7-8193-413A-9F55-44BEDB0BC17E}" = Enfocus PackManager "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{42362C04-7187-4BB9-9B92-04216157E0EF}" = Adobe CMM "{483A865C-A74A-12BF-1276-D0111A488F50}" = Adobe® Content Viewer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DA9118E-EBBD-41D3-A2CA-F96432182A58}" = Enfocus PackManager "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR "{672CC5B9-7C1B-42E0-8C65-C0E6C19F92F0}" = klickTel Telefon- und Branchenbuch Herbst 2012 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5 "{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 
Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F99B1F3-C82A-4524-B814-3E633EAA9ABE}" = gSyncit "{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch 
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1" = JFritz 0.7.4.1.28 "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Hilfe "{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C63A74B1-415C-47DA-A90F-38EAE6189642}" = Enfocus PitStop Pro "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6 "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAC580DB-6629-43B9-98DD-8BABA515B958}" = WISO Mein Geld 2013 Professional "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{EC82B9BD-AE17-4FEA-8332-DA7E7D94799D}" = Anti-reCAPTCHA v4.00 JD "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{FF118D79-F61B-4379-A059-5A3250324326}" = SCR3xxx Smart Card Reader "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe_b7572144686c889e4039b734b60fbbd" = Adobe CMM "AfmToPfm" = AfmToPfm "AIDA64 Extreme 
Edition_is1" = AIDA64 Extreme Edition v2.60 "AVMFBoxAnswerMachine" = AVM FRITZ!vox "Biet-O-Matic v2.14.10" = Biet-O-Matic v2.14.10 "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "CanonMyPrinter" = Canon My Printer "ChangeNames_is1" = ChangeNames 3.0.0 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "Codecs for Windows 7 Pack" = Codecs for Windows 7 Pack 4.0.5 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.dmp.contentviewer" = Adobe® Content Viewer "D-i-v-X - AVI Codec Pack Pro" = D-i-v-X AVI Codec Pack Pro 2.4.0 "DPP" = Canon Utilities Digital Photo Professional 3.6 "EditNumbers_is1" = EditNumbers 3.0.9 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EOS Utility" = Canon Utilities EOS Utility "EPSON Scanner" = EPSON Scan "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09] "FileZilla Client" = FileZilla Client 3.6.0.2 "FRITZ! 2.0" = AVM FRITZ! 
"HD Tune Pro_is1" = HD Tune Pro 5.00 "IrfanView" = IrfanView (remove only) "ISO Creator1.0" = ISO Creator "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.20.1 "MailBell" = MailBell "MailCheck_is1" = MailCheck 2 Version 2.70 (Build 334) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Moony" = Moony ISDN-Monitor "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MPE" = MyPhoneExplorer "MyCamera" = Canon Utilities MyCamera "Newsletter Software SuperMailer_is1" = SuperMailer 7.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "Recovery ToolBox for Outlook Password_is1" = Recovery ToolBox for Outlook Password 1.1 "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "RufIdent_is1" = RufIdent "SmartCallMonitor_is1" = SmartCallMonitor V1.6.0.233 "tigo-IT ReNo 2007 Add-In_is1" = ReNo Freeware 2007 Add-In "TreeSize Professional_is1" = TreeSize Professional V5.5.5 "VLC media player" = VLC media player 2.0.4 "WD Link" = WD Link "WFTK" = Canon Utilities WFT-E1/E2/E3/E4 Utility "WISO Mein Geld 2013 Professional" = WISO Mein Geld 2013 Professional "YU2010_is1" = Your Uninstaller! 
7
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1183811218-3521244880-1234998308-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Mediencenter" = Mediencenter 3.5.0.1212

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.12.2012 13:36:00 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 21.12.2012 16:42:56 | Computer Name = StefanZierauCLS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Ditto.exe, Version: 3.18.24.0, Zeitstempel: 0x4f03c097 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000029fa9 ID des fehlerhaften Prozesses: 0xa44 Startzeit der fehlerhaften Anwendung: 0x01cddfa1ada3c53e Pfad der fehlerhaften Anwendung: C:\Program Files\Ditto\Ditto.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: ff47a04c-4bae-11e2-bd88-c86000e1490c

Error - 22.12.2012 04:35:35 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 23.12.2012 04:35:07 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 23.12.2012 16:08:58 | Computer Name = StefanZierauCLS | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Ditto.exe, Version: 3.18.24.0, Zeitstempel: 0x4f03c097 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000029fa9 ID des fehlerhaften Prozesses: 0x1218 Startzeit der fehlerhaften Anwendung: 0x01cde0e8c0fecbab Pfad der fehlerhaften Anwendung: C:\Program Files\Ditto\Ditto.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 955d915d-4d3c-11e2-8b0c-c86000e1490c

Error - 27.12.2012 02:54:25 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 27.12.2012 13:38:03 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 28.12.2012 03:50:24 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 28.12.2012 04:19:25 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

Error - 28.12.2012 05:20:39 | Computer Name = StefanZierauCLS | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 17.09.2012 01:41:50 | Computer Name = StefanZierauCLS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28.12.2012 04:20:56 | Computer Name = StefanZierauCLS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 28.12.2012 04:23:40 | Computer Name = StefanZierauCLS | Source = SCardSvr | ID = 610
Description =

Error - 28.12.2012 04:25:07 | Computer Name = StefanZierauCLS | Source = SCardSvr | ID = 610
Description =

Error - 28.12.2012 04:25:29 | Computer Name = StefanZierauCLS | Source = SCardSvr | ID = 610
Description =

Error - 28.12.2012 04:26:20 | Computer Name = StefanZierauCLS | Source = SCardSvr | ID = 610
Description =

Error - 28.12.2012 05:17:39 | Computer Name = StefanZierauCLS | Source = DCOM | ID = 10010
Description =

Error - 28.12.2012 05:21:39 | Computer Name = StefanZierauCLS | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 28.12.2012 05:21:39 | Computer Name = StefanZierauCLS | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 28.12.2012 09:26:02 | Computer Name = StefanZierauCLS | Source = SCardSvr | ID = 610
Description =

Error - 28.12.2012 09:26:52 | Computer Name = StefanZierauCLS | Source = SCardSvr | ID = 610
Description =

< End of report >

Code:
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 2F 11 95 CF 88 CD 01 [binary data]
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=116198&tt=4312_2&babsrc=SP_ss&mntrId=4a7e7c96000000000000c86000e1490c
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE501
IE - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: -
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.09.05 09:47:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012.10.26 15:19:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.12.13 17:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.12.13 17:01:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012.10.26 15:19:29 | 000,000,000 | ---D | M] [2012.10.26 15:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\mozilla\Extensions [2012.10.26 15:19:29 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks [2012.10.24 07:28:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.claro-search.com/?affID=116198&tt=4312_2&babsrc=HP_ss&mntrId=4a7e7c96000000000000c86000e1490c CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE501 CHR - default_search_provider: 
suggest_url = CHR - homepage: hxxp://www.claro-search.com/?affID=116198&tt=4312_2&babsrc=HP_ss&mntrId=4a7e7c96000000000000c86000e1490c CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - Extension: YouTube = C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Stefan Zierau 
(CLS)\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Stefan Zierau (CLS)\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.11.23 16:30:40 | 000,002,453 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip4.adobe.com O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 22 more lines... O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3:64bit: - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 
120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000..\Run: [Ditto] C:\Programme\Ditto\Ditto.exe () O4 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software) O4 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000..\Run: [SmartCallMonitor] C:\Program Files (x86)\JAM Software\SmartCallMonitor\SmartCallMonitor.exe (JAM Software GmbH) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.09.18 06:11:13 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk = C:\Program Files (x86)\jAnrufmonitor\jam.exe () O4 - Startup: C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk = C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Telekom\MediencenterSync\Mediencenter.exe (Deutsche Telekom AG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..Trusted Domains: google.com ([maps] http in Trusted sites) O15 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..Trusted Domains: ip-phone-forum.de ([www] http in Trusted sites) O15 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..Trusted Domains: webedition.de ([www] http in Trusted sites) O15 - HKU\S-1-5-21-1183811218-3521244880-1234998308-1000\..Trusted Domains: webedition.de ([www] https in Trusted sites) O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE358D0C-5F3C-428A-A92E-C23487A8E209}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft 
Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.28 10:00:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Malwarebytes [2012.12.28 10:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.28 10:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.28 10:00:09 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.28 10:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.28 09:44:17 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.26 08:43:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\DivX [2012.12.25 10:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma [2012.12.25 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau 
(CLS)\Documents\My Books [2012.12.25 10:40:50 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Local\kinoma [2012.12.25 10:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared [2012.12.25 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Local\Sony Corporation [2012.12.25 10:40:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2012.12.25 10:38:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Sony Corporation [2012.12.25 10:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2012.12.22 14:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital [2012.12.21 07:22:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 07:22:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 07:22:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 07:22:39 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.20 17:57:13 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012.12.18 16:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jAnrufmonitor [2012.12.14 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HP-Scan [2012.12.14 21:50:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\HP-Fax [2012.12.14 21:43:26 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\Documents\Fax HP [2012.12.14 21:33:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\Documents\Scan HP [2012.12.13 17:16:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Local\Diagnostics [2012.12.13 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2012.12.13 17:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar [2012.12.13 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar 
Installer [2012.12.13 17:00:11 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\HpUpdate [2012.12.13 17:00:09 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5912.dll [2012.12.13 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.12.13 16:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2012.12.13 16:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.12.13 16:58:06 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Local\HP [2012.12.12 19:48:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 19:48:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 19:48:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 19:48:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 19:48:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 19:48:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 19:48:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 19:48:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 19:48:21 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 19:48:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 19:48:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 19:48:21 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 19:48:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 19:48:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript.dll [2012.12.12 19:48:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 18:52:20 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 18:52:20 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 18:52:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 18:52:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 18:52:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 18:52:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 18:52:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 18:52:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 18:52:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 18:52:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 18:52:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 18:52:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 18:52:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 18:52:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 18:52:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 18:52:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 18:52:19 | 000,004,608 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 18:52:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 18:52:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 18:52:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 18:46:23 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 18:46:23 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.07 13:24:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\FileZilla [2012.12.06 17:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2012.12.06 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\mirabyte [2012.12.06 11:22:29 | 001,064,440 | ---- | C] (WeOnlyDo! Inc.) 
-- C:\Windows\SysWow64\wodFtpDLX.OCX [2012.12.06 11:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mirabyte [2012.12.06 08:13:35 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\SuperMailer [2012.12.06 08:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperMailer [2012.12.06 08:12:49 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Local\Programs [2012.12.05 07:26:06 | 000,015,872 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\capi2032.dll [2012.12.02 22:19:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2012.12.02 22:19:03 | 000,262,144 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysWow64\esint52.dll [2012.12.02 22:19:03 | 000,161,280 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxuin52.dll [2012.12.02 22:19:03 | 000,095,232 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxwia52.dll [2012.12.02 22:19:03 | 000,004,608 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxwiaml.dll [2012.12.02 22:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software [2012.12.02 12:39:38 | 000,000,000 | ---D | C] -- C:\Users\Stefan Zierau (CLS)\AppData\Local\InstallShare ========== Files - Modified Within 30 Days ========== [2012.12.28 14:52:28 | 000,931,863 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.12.28 14:52:28 | 000,050,581 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.12.28 14:48:44 | 003,557,920 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Documents\AutoRuns.arn [2012.12.28 14:36:51 | 000,000,971 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Downloads - Verknüpfung.lnk [2012.12.28 14:29:00 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1183811218-3521244880-1234998308-1000UA.job [2012.12.28 14:24:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.28 14:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.28 
10:26:47 | 000,022,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 10:26:47 | 000,022,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.28 10:19:22 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.28 10:18:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.28 10:18:41 | 2099,757,055 | -HS- | M] () -- C:\hiberfil.sys [2012.12.28 10:01:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 18:33:30 | 000,002,959 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.27 17:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1183811218-3521244880-1234998308-1000Core.job [2012.12.27 16:18:48 | 000,001,261 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\TreeSize Professional.lnk [2012.12.27 10:32:46 | 000,071,079 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Documents\7270 6000Ram Übersicht.JPG [2012.12.27 10:29:09 | 000,001,272 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Snipping Tool.lnk [2012.12.27 10:28:17 | 000,100,789 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Documents\7270 6000Ram.JPG [2012.12.27 07:53:01 | 005,050,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.25 21:25:09 | 055,565,637 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\AdobeSetupUtility.zip.aamdownload [2012.12.25 21:25:09 | 000,000,830 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd [2012.12.25 15:13:03 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.25 15:13:03 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.25 15:13:03 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.25 15:13:03 | 000,130,810 | ---- | 
M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.25 15:13:03 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.25 10:40:33 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2012.12.23 12:06:38 | 000,001,558 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Windows Media Player.lnk [2012.12.23 12:05:11 | 000,005,632 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.23 10:24:33 | 000,001,228 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Windows Explorer.lnk [2012.12.22 21:12:22 | 000,002,033 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\WDTVLive (192.168.178.34).lnk [2012.12.22 10:20:36 | 000,026,414 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Documents\keepass1.kdbx [2012.12.19 07:34:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.19 07:34:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.18 16:09:06 | 000,001,943 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.15 10:26:14 | 000,126,800 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Documents\Hotelaufenthalt für.pdf [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 20:30:43 | 000,001,190 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Mediencenter.lnk [2012.12.13 20:30:43 | 
000,001,182 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediencenter.lnk [2012.12.13 17:00:08 | 000,002,164 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk [2012.12.13 17:00:08 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk [2012.12.13 17:00:08 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8600.lnk [2012.12.13 16:58:39 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2012.12.12 23:30:43 | 000,002,564 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Google Chrome.lnk [2012.12.07 14:36:17 | 000,001,456 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.12.06 17:51:51 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.12.06 11:22:29 | 000,001,219 | ---- | M] () -- C:\Users\Stefan Zierau (CLS)\Desktop\SuperHTML Web Studio.lnk [2012.12.02 22:19:04 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk ========== Files Created - No Company Name ========== [2012.12.28 14:36:51 | 000,000,971 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Downloads - Verknüpfung.lnk [2012.12.28 10:00:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 18:33:30 | 000,002,959 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.27 16:18:48 | 000,001,261 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\TreeSize Professional.lnk [2012.12.27 10:32:44 | 000,071,079 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Documents\7270 6000Ram Übersicht.JPG [2012.12.27 10:29:09 | 000,001,272 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Snipping Tool.lnk [2012.12.27 10:28:14 | 000,100,789 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Documents\7270 6000Ram.JPG [2012.12.25 21:24:58 | 055,565,637 | ---- | C] () -- C:\Users\Stefan 
Zierau (CLS)\AppData\Local\AdobeSetupUtility.zip.aamdownload [2012.12.25 21:24:58 | 000,000,830 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\AdobeSetupUtility.zip.aamdownload.aamd [2012.12.25 10:40:33 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk [2012.12.23 12:06:38 | 000,001,558 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Windows Media Player.lnk [2012.12.23 12:05:10 | 000,005,632 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.23 10:24:33 | 000,001,228 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\Windows Explorer.lnk [2012.12.22 21:12:22 | 000,002,033 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\WDTVLive (192.168.178.34).lnk [2012.12.19 07:34:47 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.18 16:09:06 | 000,001,943 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk [2012.12.15 10:26:14 | 000,126,800 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Documents\Hotelaufenthalt für.pdf [2012.12.13 17:01:14 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk [2012.12.13 17:00:20 | 000,000,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. 
OCR-Registrierung.lnk [2012.12.13 17:00:08 | 000,002,164 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk [2012.12.13 17:00:08 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet Pro 8600.lnk [2012.12.13 17:00:08 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Officejet Pro 8600.lnk [2012.12.13 16:58:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.12.07 14:36:17 | 000,001,456 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.12.06 17:51:51 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2012.12.06 11:22:29 | 000,001,219 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\Desktop\SuperHTML Web Studio.lnk [2012.12.02 22:19:04 | 000,000,934 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.12.02 22:19:03 | 000,064,000 | ---- | C] () -- C:\Windows\SysNative\esfw52.bin [2012.11.24 17:11:26 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2012.11.06 08:19:08 | 004,822,976 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.10.26 15:19:25 | 001,180,013 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe [2012.10.26 15:19:25 | 000,052,859 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat [2012.10.24 18:40:48 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.15 12:30:05 | 000,000,236 | ---- | C] () -- C:\Windows\ktel.ini [2012.09.07 15:02:21 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI [2012.09.07 12:03:01 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.09.07 12:03:01 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.09.07 12:03:01 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.09.07 12:03:01 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.09.07 12:03:01 | 000,024,903 | ---- | C] () -- 
C:\Windows\SysWow64\EPPICPattern3.dat [2012.09.07 12:03:01 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.09.07 12:03:01 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.09.07 12:03:01 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.09.07 12:03:01 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.09.07 12:03:01 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.09.07 12:03:01 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.09.07 12:03:01 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.09.07 12:03:01 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.09.07 12:03:01 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.09.07 12:03:01 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.09.07 12:03:01 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.09.07 12:03:01 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.09.07 12:03:01 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.09.07 12:03:01 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.09.03 20:52:02 | 000,000,000 | ---- | C] () -- C:\Users\Stefan Zierau (CLS)\AppData\Roaming\JFritz.lock [2012.09.02 12:32:39 | 000,931,863 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.02 08:47:00 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.09.02 08:46:59 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.09.01 19:40:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.09.01 19:40:26 | 000,036,708 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.08.26 22:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe [2012.08.21 04:15:22 | 
004,427,264 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2012.07.19 19:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012.07.19 19:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll [2012.07.19 19:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll [2012.07.19 19:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012.07.19 19:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012.07.19 19:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll [2012.07.19 19:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll [2011.12.07 20:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll [2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:1CE11B51 < End of report >
Edited by sz57 (28.12.2012 at 15:15). Reason: addition |
28.12.2012, 15:34 | #2 |
/// TB Instructor | wgsdgsdgdsgsd.exe Something like this ...
Quote:
Support stop: cracks or keygens. That ends this topic.