Log analysis and evaluation: IBUpdaterService (PUP.InstallBrain) and InstallMate Backdoor.Agent custom.dll (Windows 7)
25.02.2013, 12:19 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP.InstallBrain) and InstallMate Backdoor.Agent custom.dll
Please make a new OTL log.
__________________
Please always post logfiles in CODE tags
02.03.2013, 15:28 | #17
IBUpdaterService (PUP.InstallBrain) and InstallMate Backdoor.Agent custom.dll
Here is the new OTL log; unfortunately I was too busy lately.
Code:
OTL logfile created on: 02.03.2013 14:08:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,66% Memory free
15,99 Gb Paging File | 14,16 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 16,37 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive D: | 390,63 Gb Total Space | 277,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive E: | 540,88 Gb Total Space | 370,01 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 667,54 Gb Free Space | 71,68% Space Free | Partition Type: FAT32

Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll ()
MOD - C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (syncagentsrv) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech )
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman) -- C:\Windows\SysNative\drivers\tdrpman.sys (Acronis)
DRV:64bit: - (vidsflt67) -- C:\Windows\SysNative\drivers\vsflt67.sys (Acronis)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (fltsrv) -- C:\Windows\SysNative\drivers\fltsrv.sys (Acronis)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (grmnusb) -- C:\Windows\SysNative\drivers\grmnusb.sys (GARMIN Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (cxbu1x64) -- C:\Windows\SysNative\drivers\cxbu1x64.sys ( )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC C5 52 83 01 F5 CD 01 [binary data]
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..\SearchScopes,DefaultScope = {E8C3C50B-B838-4C25-820F-ADDF852A4BC2}
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..\SearchScopes\{E8C3C50B-B838-4C25-820F-ADDF852A4BC2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.28 21:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 13:29:29 | 000,000,000 | ---D | M]

[2013.01.03 16:32:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2013.02.14 20:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\u2ectj6f.default\extensions
[2013.02.14 20:14:10 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\u2ectj6f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.03 14:18:07 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\u2ectj6f.default\extensions\adblockpopups@jessehakanen.net.xpi
[2013.02.14 20:14:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\mozilla\firefox\profiles\u2ectj6f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 21:29:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.28 21:29:11 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2013.02.28 21:29:16 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1938205684-392548031-1744998494-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12C45EE0-2185-43B4-B01C-07A8DA4C6039}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52A1039F-A2F3-414F-AB25-30598A17443B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\msc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\olrsubmission.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerdvd8.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerstarter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scannerfinder.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\scanwizard5.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tmmonitor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\totalmedia.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\tvpi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\olrsubmission.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoshop elements 7.0.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementseditor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photoshopelementsorganizer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2go.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\power2goexpress.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerdvd8.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerstarter.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\producer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scannerfinder.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\scanwizard5.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tmmonitor.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\totalmedia.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\tvpi.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9e330d38-55b4-11e2-a406-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9e330d38-55b4-11e2-a406-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SYSTEM\AUTOSTRT.EXE
O33 - MountPoints2\{9e330d38-55b4-11e2-a406-806e6f6e6963}\Shell\install1\command - "" = D:\system\setup32\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.28 21:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.28 01:30:10 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.28 01:30:10 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.28 01:30:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.28 01:30:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.28 01:30:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.28 01:30:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.28 01:30:05 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.28 01:30:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 01:30:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.28 01:30:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 01:30:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.28 01:30:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 01:30:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.28 01:30:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 01:30:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.28 01:30:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.28 01:30:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.28 01:30:04 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.28 01:30:04 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.28 01:30:04 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.28 01:30:04 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.28 01:30:04 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.28 01:30:04 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.28 01:30:04 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.28 01:30:04 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.28 01:30:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 01:30:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.28 01:30:03 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.28 01:30:03 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.28 01:30:03 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.28 01:30:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.28 01:30:03 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.26 09:40:04 | 026,365,893 | ---- | C] (Macrovision Corporation) -- C:\Users\*\Documents\TourExplorer25Deutschland5080.exe
[2013.02.24 23:24:56 | 000,547,439 | ---- | C] (Oleg N.
Scherbakov) -- C:\Users\*\Desktop\JRT(1).exe [2013.02.24 22:24:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.24 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2013.02.24 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Apps [2013.02.24 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\e-academy Inc [2013.02.24 13:09:44 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\e-academy Inc [2013.02.23 14:56:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2013.02.22 17:40:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\CD-LabelPrint [2013.02.22 17:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint [2013.02.22 17:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD-LabelPrint [2013.02.22 15:33:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.22 15:32:18 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.21 17:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.02.21 17:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2013.02.21 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Anti-Malware [2013.02.21 16:12:49 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2013.02.21 16:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.21 16:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.21 16:12:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.21 16:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.20 13:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.20 12:42:24 | 000,310,688 | ---- | C] (Oracle 
Corporation) -- C:\Windows\SysNative\javaws.exe [2013.02.20 12:42:19 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.02.20 12:42:19 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.02.20 12:42:19 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.02.20 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.20 12:40:36 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.20 12:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.02.20 12:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.20 12:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.02.13 13:26:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 13:26:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 13:26:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 13:26:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 13:26:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 13:26:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 13:26:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 13:26:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 13:26:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 13:26:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 13:26:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 13:26:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 13:26:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 13:26:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 13:26:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 09:58:21 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 09:58:21 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 09:58:20 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 09:58:18 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 09:58:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 09:58:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 09:58:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 09:58:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 09:58:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 09:58:16 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.05 00:13:08 | 000,507,392 | ---- | C] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys [2013.02.04 23:48:33 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\ArcSoft ToGo [2013.02.03 00:38:54 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Program Settings [2013.02.03 00:35:40 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.008 [2013.02.03 00:35:39 | 000,995,383 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\temp.000 [2013.02.03 00:35:39 | 000,614,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004 [2013.02.03 00:35:39 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.007 [2013.02.03 00:35:39 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002 [2013.02.03 00:35:39 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001 [2013.02.03 00:35:39 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005 [2013.02.03 00:35:39 | 000,077,878 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003 [2013.02.03 00:35:39 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.006 [2013.02.03 00:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GUC [2013.01.31 17:21:36 | 004,940,344 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxXtreme110.dll [2013.01.31 17:21:36 | 000,104,504 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll [2013.01.31 17:21:34 | 000,026,168 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll [2013.01.31 17:21:32 | 001,360,952 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool110.dll [2013.01.31 17:21:32 | 000,063,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll [2013.01.31 17:21:28 | 000,127,544 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll [2013.01.31 17:21:22 | 000,049,720 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll [2013.01.31 17:21:18 | 000,068,152 | ---- | C] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll [2013.01.31 17:21:16 | 000,207,416 | ---- | C] (Haufe-Lexware GmbH & Co. 
KG) -- C:\Windows\SysWow64\LxBasics100.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.02 14:13:29 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.02 14:13:29 | 000,659,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.02 14:13:29 | 000,619,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.02 14:13:29 | 000,131,444 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.02 14:13:29 | 000,107,572 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.02 14:06:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.02 02:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.02 00:27:51 | 000,998,250 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.03.02 00:27:51 | 000,052,701 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.03.01 22:29:45 | 000,015,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 22:29:45 | 000,015,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 11:59:02 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 11:59:02 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.26 14:40:49 | 000,000,035 | ---- | M] () -- C:\Windows\Ulead32.INI [2013.02.26 09:40:32 | 026,365,893 | ---- | M] (Macrovision Corporation) -- C:\Users\*\Documents\TourExplorer25Deutschland5080.exe [2013.02.24 23:25:00 | 000,547,439 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\*\Desktop\JRT(1).exe [2013.02.24 13:09:44 | 000,003,153 | ---- | M] () -- C:\Users\*\Desktop\Secure Download Manager.lnk [2013.02.23 14:56:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2013.02.21 16:12:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.20 12:42:16 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.02.20 12:42:16 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.02.20 12:42:16 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.02.20 12:42:16 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.02.20 12:42:16 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.02.20 12:42:16 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.02.13 15:21:59 | 000,455,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 12:34:17 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Lexware buchhalter.lnk [2013.02.05 00:15:01 | 000,001,996 | -H-- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2013.02.05 00:15:01 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia 3.lnk [2013.02.05 00:13:08 | 000,507,392 | ---- | M] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys [2013.02.05 00:13:08 | 000,028,672 | ---- | M] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll [2013.02.05 00:13:08 | 000,000,245 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin [2013.02.03 00:38:17 | 000,000,008 | ---- | M] () -- C:\Windows\SysWow64\PROTOCOL.INI [2013.02.03 00:36:27 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\FINView.Lnk [2013.01.31 17:21:36 | 004,940,344 | ---- | M] (Haufe-Lexware GmbH & Co. 
KG) -- C:\Windows\SysWow64\LxXtreme110.dll [2013.01.31 17:21:36 | 000,104,504 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxUISettingsN100.dll [2013.01.31 17:21:34 | 000,026,168 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTPSW100.dll [2013.01.31 17:21:32 | 001,360,952 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxTool110.dll [2013.01.31 17:21:32 | 000,063,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxPXTree100.dll [2013.01.31 17:21:28 | 000,127,544 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxMail100.dll [2013.01.31 17:21:22 | 000,049,720 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LXCurr100.dll [2013.01.31 17:21:18 | 000,068,152 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxCI12.dll [2013.01.31 17:21:16 | 000,207,416 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Windows\SysWow64\LxBasics100.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.24 13:09:44 | 000,003,153 | ---- | C] () -- C:\Users\*\Desktop\Secure Download Manager.lnk [2013.02.21 16:12:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.03 00:38:17 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\PROTOCOL.INI [2013.02.03 00:36:27 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\FINView.Lnk [2013.02.03 00:35:55 | 000,149,504 | ---- | C] () -- C:\Windows\SysWow64\Unwise32.exe [2013.01.07 18:36:53 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2013.01.06 20:57:05 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2013.01.06 20:57:05 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2013.01.06 20:57:04 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2013.01.06 19:11:32 | 000,001,439 | ---- | C] () -- C:\Windows\ctnkr16.ini [2013.01.06 19:01:53 | 000,000,033 | ---- | C] () -- 
C:\Users\*\.STICK_TYP_VOREINSTELLUNG [2013.01.05 16:41:45 | 001,529,724 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.04 15:56:26 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI [2013.01.04 15:55:58 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys [2013.01.04 15:55:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys [2013.01.04 15:01:56 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.01.04 15:01:56 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT [2013.01.03 23:50:40 | 000,998,250 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2013.01.03 18:08:03 | 000,340,021 | ---- | C] () -- C:\Windows\SysWow64\jpeg.dll [2013.01.03 16:25:20 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.01.03 16:25:11 | 000,023,953 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2010.05.05 11:25:54 | 000,089,816 | ---- | C] () -- C:\Users\*\AppData\Roaming\Elster-Bar.bmp [2009.06.15 14:39:34 | 000,324,137 | ---- | C] () -- C:\Users\*\AppData\Roaming\elster_1001.jpg [2009.06.15 14:39:34 | 000,275,898 | ---- | C] () -- C:\Users\*\AppData\Roaming\Bitmapwhite.bmp [2009.06.15 14:39:34 | 000,174,680 | ---- | C] () -- C:\Users\*\AppData\Roaming\ELSTER.bmp [2009.06.15 14:39:34 | 000,174,678 | ---- | C] () -- C:\Users\*\AppData\Roaming\ELSTER.orig.bmp [2009.06.15 14:39:34 | 000,127,002 | ---- | C] () -- C:\Users\*\AppData\Roaming\offen0.jpg [2009.06.15 14:39:34 | 000,109,477 | ---- | C] () -- C:\Users\*\AppData\Roaming\Nutzungsbedingungen GuDMW SW deutsch.rtf [2009.06.15 14:39:34 | 000,009,352 | ---- | C] () -- 
C:\Users\*\AppData\Roaming\ST-GuDStarSignUSBTokenfuerELSTER.jpg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.03 
21:57:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Acronis [2013.01.15 17:05:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Bildverkleinerer [2013.01.06 18:52:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Canon [2013.02.22 17:40:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\CD-LabelPrint [2013.01.06 20:57:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\concept design [2013.01.07 16:11:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DesktopIconForAmazon [2013.01.09 00:25:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft [2013.02.24 13:09:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\e-academy Inc [2013.01.06 17:52:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\elsterformular [2013.01.03 19:56:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\F02DCCDF-A8D1-4DC4-9FCF-293DCEFC50D0 [2013.01.07 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Geogrid [2013.01.04 00:54:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\JAM Software [2013.01.24 14:39:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Lexware [2013.01.24 21:15:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MagicMaps [2013.01.07 16:10:39 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OCS [2013.01.06 13:51:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ortwin [2013.01.03 18:42:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird [2013.01.09 12:03:26 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\topowin [2013.01.07 16:16:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software [2013.01.06 20:49:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zoner ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 02.03.2013 14:08:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manfred\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,29 Gb Available Physical Memory | 78,66% Memory free
15,99 Gb Paging File | 14,16 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 16,37 Gb Free Space | 14,66% Space Free | Partition Type: NTFS
Drive D: | 390,63 Gb Total Space | 277,14 Gb Free Space | 70,95% Space Free | Partition Type: NTFS
Drive E: | 540,88 Gb Total Space | 370,01 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
Drive K: | 931,28 Gb Total Space | 667,54 Gb Free Space | 71,68% Space Free | Partition Type: FAT32

Computer Name: MANFRED-PC | User Name: Manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1938205684-392548031-1744998494-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D58F60E-64B1-4DE3-938F-8CFEF3F8A9D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{0DFFEBEA-D59E-46D6-93BA-4543E438185C}" = rport=445 | protocol=6 | dir=out | app=system |
"{236E636D-634D-4ACC-B2F4-008BEB42384D}" = lport=139 | protocol=6 | dir=in | app=system |
"{248E7503-2617-4B06-9533-E513777D855D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2648D60E-CF0E-4F74-8175-CBE3D9D49D16}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C0E6C17-5B8E-4FA6-96A7-08569027E922}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{437E7964-08D8-463D-94D3-124FEE1062FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55F55497-9DEC-4E42-8693-A82523A6DFA4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6577FC11-16F4-4E95-8EB8-288EA75F2BF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{7C54D9CB-A370-4087-B451-1677A1C8EEB1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9B55B983-A250-41BE-89E0-A0761F5DDAE4}" = rport=138 | protocol=17 | dir=out | app=system |
"{A04A64FD-F2C6-4BE5-9EFF-99E6709C0717}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A1CEBDE9-FA0B-4E33-A043-E48FDFB0EB4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4264AA2-5537-455D-A15E-95B4F3B59C06}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B48FB3CF-13EA-4206-A860-FCF2B2FF8B3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C076C70D-20C2-411D-8DE0-ED54EDFB0161}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C4240379-363E-4D6C-94DE-B8C428781AC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA33CB19-3B52-498F-A3EB-C7A1254F1FB0}" = rport=137 | protocol=17 | dir=out | app=system |
"{D45EC4C4-9C25-4E7B-94AB-A41C3EA8CA97}" = rport=139 | protocol=6 | dir=out | app=system |
"{DA0ABE38-A947-4113-8ACE-10932AD9A74F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF9999E-6AB4-46C9-A095-6F2EF94A48AC}" = lport=138 | protocol=17 | dir=in | app=system |
"{E44EC7A5-8A3A-4B84-9331-9D1A9F4939D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F21D98EF-1ED5-4868-8125-9FDC555F51F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6F28309-AFAD-4D09-99DD-127A6367EDB5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C05856B-5473-4211-886E-1F7EA10E3003}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{153840BE-0684-4955-B4A4-DFC7E163DCB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1632B66B-EC69-45BE-AED9-242BFBCC87D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{220CAD5C-AE79-4E99-9F8E-210905995EF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40607894-C97B-484D-9D92-AD239119195B}" = protocol=6 | dir=out | app=c:\program files (x86)\franzis\onlinetv 8\onlinetvstarter.exe |
"{45432EB0-EEAA-4598-8702-827F44608FEC}" = protocol=6 | dir=out | app=c:\program files (x86)\franzis\onlinetv 8\onlinetv.exe |
"{552F3AB5-DFEA-4892-9CB8-9F44D3162374}" = protocol=6 | dir=in | app=c:\program files (x86)\franzis\onlinetv 8\onlinetvstarter.exe |
"{65BC4DEB-639D-49BD-85C3-C7EF10310E46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6873FA42-0BFE-4BD2-AE55-8D0D424BA61C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{69166BAF-4AF6-4E92-B01F-937C39F80020}" = protocol=6 | dir=out | app=system |
"{6A3BC930-E8B3-4B3A-AF5C-9E2834A5F466}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A9D993C-97DA-4956-867C-AED24DE382F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D24A1EB-172F-430A-8F8F-853D9E706E2F}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{904E9C24-FCBD-4DFD-BC9B-EF8BE30D9A21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{9BB3C799-9112-4AD0-8A8B-1D01C111C0C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D168CF4-E703-49A2-9B46-5554BF5FE7E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B1E12792-9826-49AD-BBD1-D3450DE40B06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B2255B9D-0B2D-44C3-B17E-E02DA300673E}" = protocol=6 | dir=in | app=c:\program files (x86)\franzis\onlinetv 8\onlinetv.exe |
"{B5C2454C-DA5B-4390-BF2C-2662314B0B33}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B902D6A3-18BE-45E3-9ADE-08837988D637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8AA1BAB-81BF-45E2-BDAD-8BC60AED7CBD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{CD85BC78-8738-4A6A-9498-F10E00AE11D3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCCA4BE7-0B01-4670-8C97-46E9BCECEFC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DCCE66FF-6B16-44F3-A703-481EDA327FEF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E1A7310B-065D-40F3-AB5A-33C6DAA8CAF9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4F71C49-A487-49F4-B02B-5A98FA287C5D}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3\totalmedia.exe |
"{E716EACB-14D3-40D1-A8AC-43CF7FA9B386}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ED036796-5E9B-4C82-B88E-D32796141369}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F7FE5E4C-41DD-4D73-B1BD-A55D55A5F96F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FA9DE979-7311-46DC-B857-DFA18857F259}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{939913F9-F134-4E9E-B879-BE6755B69952}" = USB CCID Smartcard Reader - Version 1.2.1.2
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ZonerPhotoStudio13_DE_is1" = Zoner Photo Studio 13

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}" = Acronis*True*Image*Home 2012
"{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible" = Acronis*True*Image*Home 2012
"{0CA1C412-6716-40E8-B033-006002E7F7EC}" = MagicMaps Support und Update Tool
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1551D7A5-4BE5-4FE3-A1BA-6E9FCBDF6E33}" = MagicMaps Tour Explorer 25 Deutschland V 5.0
"{1A8C2475-370D-4C94-9B27-A9663C9438C0}" = MagicMaps Tour Explorer 50 Österreich
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = TotalMedia
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.0
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für Tevion
"{3D597D61-1631-4CD1-9499-ABD21708B8F2}" = MagicMaps Tour Explorer 50 Österreich 4.0
"{3E8A20E1-223F-11E2-9116-B8AC6F98CCE3}" = Google Earth
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{43F29DF0-5C1E-4D72-81FC-95CD84C3520B}" = PC-ASK
"{483E27E3-70C3-43BA-91D1-0BD3AD920288}" = MagicMaps Tour Explorer 50 Österreich 4.0 Daten DVD Topografische Karte (BEV)
"{4AC3B678-B65C-450A-A2A8-800BA873B30E}" = MagicMaps Schleswig-Holstein Hamburg Mecklenburg-Vorpommern 5.0
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{69742A9A-B7C4-433B-98B2-53D597598793}_is1" = Inpaint 3 Installation & Registrierung
"{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{6EE91F56-EEF6-45B4-AAD6-10E970BCCF62}" = MagicMaps Bayern 5.0
"{702B5ACF-7E61-4BFB-A30A-DF131111CCAA}" = MagicMaps Tour Explorer 25 Deutschland V 5.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8127FAC1-7E14-4A51-B0AF-692FCA16044E}" = MagicMaps Sachsen Thüringen 5.0
"{86107E2D-DFB9-46BC-99ED-07EACAEE0923}" = G Data InternetSecurity 2013
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8834D52E-DFBC-4D88-BEE8-EEEB35341F78}" = FINView 3.0 Client
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8E85BB53-A268-403A-9032-BBFEC90A8FD9}" = Top10 Viewer
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster
"{A0E56653-AAA4-4A08-B841-022F48D4D437}" = KE 2.04
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF9B8F2B-8401-4E1F-AB22-E481ED20165B}" = FINAdmin
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B85AF345-5EE4-4654-8D07-B725101B1B26}" = MagicMaps Nordrhein-Westfalen 5.0
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{C38E8F5B-DD55-4749-820C-63DB19CF6D8A}" = MagicMaps Berlin Brandenburg Sachsen-Anhalt 5.0
"{C92AB6F1-770F-EA32-6CF7-8A0792FA1A4B}_is1" = Ashampoo Snap 6 v.6.0.3
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1" = FRANZIS onlineTV 8
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CFF94055-F847-499B-AE86-B63C2E2FF9BD}" = MagicMaps Niedersachsen Bremen 5.0
"{DA2D304B-5791-4D2B-93B6-514A5DC67E47}" = MagicMaps Tour Explorer 50 Österreich 4.0 Daten DVD Rad- und Wanderkarte Freytag und Berndt
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E43A86CF-CBC4-40EA-A60A-1B12A1F11B30}" = PC-ASK
"{EA68992B-273F-4692-B24E-FDE423760A2B}" = Geogrid®-Viewer
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6B0EF38-9508-467B-8660-5A8242420459}" = MagicMaps Baden-Württemberg 5.0
"{FBD7863F-06FE-4C9A-A72C-DC19D9BFDD1A}" = MagicMaps Hessen Rheinland-Pfalz Saarland 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Der grandiose Bildverkleinerer" = Der grandiose Bildverkleinerer 1.7b
"DPP" = Canon Utilities Digital Photo Professional 3.9
"ElsterFormular" = ElsterFormular
"Foxit Reader_is1" = Foxit Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{636BAD38-26BC-4BD8-802B-F18ED2D48D65}" = G&D StarSign USB Token für ELSTER
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MapObjects 2.1 Runtime" = ESRI MapObjects 2 Runtime
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"ORTWIN_is1" = ORTWIN
"PhotoStitch" = Canon Utilities PhotoStitch
"PhotoZoom Pro 4" = BenVista PhotoZoom Pro 4.1.4
"QuoVadis 6_is1" = QuoVadis 6
"QuoVadis Ortsdatenbank Welt_is1" = QuoVadis Ortsdatenbank Welt
"TOPOWIN_is1" = TOPOWIN
"Touratech QV 4_is1" = Touratech QV 4
"TreeSize Free_is1" = TreeSize Free V2.7
"TTQV Navteq-Maps 2009Q4_is1" = TTQV Navteq-Maps 2009Q4
"TTQV5 Bonus-Maps_is1" = TTQV5 Bonus-Maps
"TTQV5 DEM Srtm30_is1" = TTQV5 DEM Srtm30
"TTQV5 Ortsdatenbank Welt_is1" = TTQV5 Ortsdatenbank Welt
"TTQV5-Map Weltatlas 4Mio_is1" = TTQV5-Map Weltatlas 4Mio
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.02.2013 19:09:36 | Computer Name = Manfred-PC | Source = Application Hang | ID = 1002
Description = Programm WINZIP32.EXE, Version 25.0.8708.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1888 Startzeit: 01ce12e3fe5e2cc5 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\WinZip\WINZIP32.EXE Berichts-ID: 40541204-7ed7-11e2-9771-08002700b09c

Error - 01.03.2013 04:56:04 | Computer Name = Manfred-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Manfred\Downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 01.03.2013 17:59:14 | Computer Name = Manfred-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Manfred\downloads\SoftonicDownloader_fuer_windows-installer-clean-up.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ System Events ]
Error - 26.02.2013 14:05:40 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 27.02.2013 03:46:56 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description =

Error - 27.02.2013 03:47:19 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 28.02.2013 05:07:24 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description =

Error - 01.03.2013 04:41:45 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description =

Error - 01.03.2013 04:42:08 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 01.03.2013 11:32:40 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description =

Error - 01.03.2013 17:22:29 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description =

Error - 01.03.2013 17:22:53 | Computer Name = Manfred-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 02.03.2013 09:06:50 | Computer Name = Manfred-PC | Source = SCardSvr | ID = 602
Description =

< End of report >
|
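The OTL output above reports "EnableFirewall" = 0 for the Domain, Standard and Public profiles, which a reviewer of such a log should notice even when the scanners find nothing. What follows is an added example, not code from the thread, from OTL or from the helper: a small parser that pulls the "Firewall Settings" section out of an OTL log and lists the profiles whose Windows Firewall is switched off. The log text inside it is constructed in OTL's layout (with the Public profile set to 1 so that both states appear); the function names are my own.

```python
"""Added example (not from the thread or from OTL): parse the "Firewall Settings"
section of an OTL log and report Windows Firewall profiles that are switched off.
SAMPLE_OTL is constructed in OTL's layout; the Public profile is set to 1 here
so that both an enabled and a disabled profile show up."""
import re

SAMPLE_OTL = r"""========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1

========== Authorized Applications List ==========
"""

# OTL section banners look like "========== Name ==========".
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Registry key lines; 64-bit keys carry a "64bit: " prefix in OTL output.
KEY_RE = re.compile(r"^(?:64bit: )?\[(.+)\]$")
# Value lines: "Name" = value
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')


def parse_firewall_settings(log_text):
    """Return {profile_name: {value_name: value}} for the Firewall Settings section.

    Only lines between the "Firewall Settings" banner and the next banner are
    read; everything else in the log is ignored."""
    profiles = {}
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            in_section = sec.group(1) == "Firewall Settings"
            current = None
            continue
        if not in_section or not line:
            continue
        key = KEY_RE.match(line)
        if key:
            # Last path component, e.g. DomainProfile / StandardProfile / PublicProfile
            current = key.group(1).rsplit("\\", 1)[-1]
            profiles.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            profiles[current][val.group(1)] = val.group(2).strip()
    return profiles


def disabled_profiles(profiles):
    """Profiles whose EnableFirewall value is missing or not 1, i.e. firewall off."""
    return sorted(p for p, v in profiles.items() if v.get("EnableFirewall") != "1")


if __name__ == "__main__":
    found = parse_firewall_settings(SAMPLE_OTL)
    for name in sorted(found):
        print(name, found[name])
    print("Firewall disabled for:", disabled_profiles(found))
```

Run against the real OTL file the helper asked for, the same check flags all three profiles; a firewall that is off on every profile is worth raising with the user alongside the scanner results, whatever the scanners report.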
03.03.2013, 17:48 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down).
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
__________________ |
03.03.2013, 19:02 | #19 |
| IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll GMER Code:
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-03 18:21:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 Samsung_SSD_840_Series rev.DXT07B0Q 111,79GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\*AppData\Local\Temp\kwliifob.sys

---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2316]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe[2316]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2772]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2772]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2832]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2832]  C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3016]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe[3016]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3504]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe[3504]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...  * 2
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6176]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074911465 2 bytes [91, 74]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[6176]  C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000749114bb 2 bytes [91, 74]
.text  ...  * 2

---- EOF - GMER 2.1 ----

MBAR Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
[administrator]

03.03.2013 18:36:24
mbar-log-2013-03-03 (18-36-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29519
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
|
03.03.2013, 20:45 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post logfiles in CODE tags |
04.03.2013, 23:14 | #21 |
| IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll The Avast tool hung twice. Should I keep trying? TDSS Killer: see attachment. Thanks again for your efforts. |
05.03.2013, 10:42 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
05.03.2013, 22:10 | #23 |
| IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll aswMBR Log Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-05 22:08:22
-----------------------------
22:08:22.464  OS Version: Windows x64 6.1.7601 Service Pack 1
22:08:22.464  Number of processors: 4 586 0x170A
22:08:22.464  ComputerName: *-PC  UserName: *
22:08:24.087  Initialize success
22:08:32.557  AVAST engine defs: 13030400
22:09:24.194  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5
22:09:24.209  Disk 0 Vendor: Samsung_SSD_840_Series DXT07B0Q Size: 114473MB BusType: 11
22:09:24.209  Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
22:09:24.209  Disk 1 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 11
22:09:24.209  Disk 0 MBR read successfully
22:09:24.225  Disk 0 MBR scan
22:09:24.225  Disk 0 Windows 7 default MBR code
22:09:24.225  Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:09:24.240  Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
22:09:24.256  Disk 0 scanning C:\Windows\system32\drivers
22:09:29.170  Service scanning
22:09:41.915  Modules scanning
22:09:41.915  Disk 0 trace - called modules:
22:09:41.915  ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:09:41.931  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007254060]
22:09:41.931  3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa800716ce10]
22:09:41.931  5 vsflt67.sys[fffff88000fbe7cd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-5[0xfffffa8007058060]
22:09:41.946  Scan finished successfully
22:09:48.623  Disk 0 MBR has been saved successfully to "C:\Users\*\Desktop\MBR.dat"
22:09:48.639  The log file has been saved successfully to "C:\Users\*\Desktop\aswMBR.txt"
|
06.03.2013, 11:54 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
07.03.2013, 16:59 | #25 |
| IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll MWB Quick Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
* :: *-PC [Administrator]

Schutz: Aktiviert

06.03.2013 21:46:38
mbam-log-2013-03-06 (21-46-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227837
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d8789d57a5235643830651b6d6a2e47b
# engine=13317
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-06 10:44:40
# local_time=2013-03-06 11:44:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 11703 114239730 0 0
# scanned=207826
# found=0
# cleaned=0
# scan_time=6761
|
07.03.2013, 17:11 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll Looks ok so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.), you would want to look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not pests as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Apart from that there are good cookie managers; an extension for Firefox would be e.g. CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser closes. Is your system in order again now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags |
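The hosts-file approach recommended in the post above works by mapping unwanted hostnames to a blackhole address, so the browser never reaches the real server. What follows is an added example, not code from the thread, the helper or MVPS: it parses a hosts file in the MVPS layout (a constructed sample, not the real MVPS list), answers whether a given name is blocked, and, because a hosts file can also be abused to redirect names, lists entries that point at a routable address instead. All hostnames and addresses in the sample are constructed, and the function names are my own.

```python
"""Added example (not from the thread or from MVPS): parse an MVPS-style hosts
file, resolve hostnames against it, and flag entries that send a name to a real
address instead of a blackhole. SAMPLE_HOSTS is constructed for this demo."""
import ipaddress

SAMPLE_HOSTS = """# Constructed sample in the MVPS layout (not the real MVPS file).
127.0.0.1       localhost
0.0.0.0  ads.example.net
0.0.0.0  tracker.example.org        # constructed tracking host
0.0.0.0  cdn.example-banner.com www.cdn.example-banner.com
198.51.100.7  update.example.com   # constructed: a redirect, not a block
this is not a valid hosts line
"""

# Addresses that swallow the connection; a name mapped here counts as blocked.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names that legitimately point at loopback and must not be reported as blocked.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}


def parse_hosts(text):
    """Map each hostname (lower-cased, no trailing dot) to its address string."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # malformed line: skip it rather than fail the whole file
        for host in parts[1:]:
            mapping[host.lower().rstrip(".")] = str(addr)
    return mapping


def is_blocked(mapping, hostname):
    """True if hostname is sent to a blackhole address.

    A hosts file matches the exact name only: a subdomain of a blocked host is
    not blocked unless it is listed itself, which is why MVPS lists the www.
    variant separately."""
    name = hostname.lower().rstrip(".")
    if name in LOCAL_NAMES:
        return False
    return mapping.get(name) in BLACKHOLE


def suspicious_redirects(mapping):
    """Entries that map a name to a routable address. Malware edits the hosts
    file this way to redirect names, so a cleanup check should look for it."""
    return {h: a for h, a in mapping.items()
            if a not in BLACKHOLE and h not in LOCAL_NAMES}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "sub.ads.example.net", "localhost"):
        print(name, "blocked" if is_blocked(hosts, name) else "not blocked")
    print("redirects:", suspicious_redirects(hosts))
```

The exact-match caveat is the practical limit of the technique the helper recommends: a hosts file cannot block by IP address, by URL path or by wildcard, so it complements rather than replaces a browser-side blocker. The `suspicious_redirects` check is the defender's counterpart: running it over the hosts file of a machine being cleaned shows whether anything other than blocking entries has been planted there.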
07.03.2013, 17:24 | #27 |
| IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll That sounds good. As far as I could see, no, but as I said, it isn't my own PC. If anything else turns up, I'll report it. I'll still take a look at CookieCuller. Thanks again in any case for the help! |
08.03.2013, 00:22 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | IBUpdaterService (PUP. InstallBrain) und InstallMate Backdoor.Agent custom.dll Then we're done! The programs that were used here can all be removed again. Removing Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it. With the help of OTL you can also remove many other tools: just start OTL and click on Cleanup. This removes most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for this is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords where possible now that the infection has been removed.
Microsoft Update: Windows XP: visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update.
Update your PDF reader: An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
While you're at it, please also check that Flash Player is up to date: check => Adobe - Flash Player. Download links are here => Browsers and Plugins - FilePony.de. You can also check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update: Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |