tobster4u | 13.03.2013 22:07 | Can't get 2 objects deleted with Malwarebytes?
According to Malwarebytes, the two objects are supposed to be deleted on restart.
But they keep coming back.... :confused:
(PUM.UserWLoad)
(Trojan.Ransom)
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.18.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tobano :: ***** [Administrator]
24.02.2013 17:26:10
mbam-log-2013-02-24 (17-26-10).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211053
Laufzeit: 2 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Tobano\LOCALS~1\Temp\msbhfbn.com -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Tobano\LOCALS~1\Temp\msbhfbn.com -> Löschen bei Neustart.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
OTL:
Code:
OTL logfile created on: 13.03.2013 21:56:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tobano\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,75 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 76,41% Memory free
15,50 Gb Paging File | 13,57 Gb Available in Paging File | 87,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 115,82 Gb Total Space | 43,74 Gb Free Space | 37,76% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 438,53 Gb Free Space | 47,08% Space Free | Partition Type: NTFS
Drive E: | 2,93 Gb Total Space | 0,36 Gb Free Space | 12,45% Space Free | Partition Type: FAT32
Drive H: | 114,03 Gb Total Space | 113,45 Gb Free Space | 99,49% Space Free | Partition Type: NTFS
Computer Name: MESLIEN-INK | User Name: Tobano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Tobano\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Software Antivirus\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Software Antivirus\AVIRA\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Software Antivirus\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Software Antivirus\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Software Antivirus\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Software Antivirus\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=61163b32-4d0f-4f30-a5c7-bf5e6864eab2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=61163b32-4d0f-4f30-a5c7-bf5e6864eab2&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes,DefaultScope = {873607B3-27D9-4788-9DFE-21C44E2D4E2E}
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes\{36DECA85-B558-4883-8C93-D93005024D75}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes\{414C44FA-D66A-4DFC-8EA6-113BE3F23160}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes\{64DBFC96-5286-4054-A780-E4CF0C84FF29}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes\{873607B3-27D9-4788-9DFE-21C44E2D4E2E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes\{9BC79249-C48D-4ea6-9EA7-25A41BE6853A}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\SearchScopes\{F4D1162C-9786-44EF-AED8-BE52A8324A9D}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\Software Video DVD\VLC Media Player\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012.04.25 18:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
O1 HOSTS File: ([2012.11.25 17:00:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3:64bit: - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Software Antivirus\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
F3:64bit: - HKU\S-1-5-21-2036060000-3709929059-964240512-1000 WinNT: Load - (C:\Users\Tobano\LOCALS~1\Temp\msbhfbn.com) - File not found
F3 - HKU\S-1-5-21-2036060000-3709929059-964240512-1000 WinNT: Load - (C:\Users\Tobano\LOCALS~1\Temp\msbhfbn.com) - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2036060000-3709929059-964240512-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB28CF23-0083-40B5-BF63-69925D672385} hxxp://www.nero.com/doc/NeroVersionChecker.cab (CNeroSerialChecker Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A4D6516-D118-469E-B755-CE34A2D82223}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.03.13 21:55:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tobano\Desktop\OTL.exe
[2013.03.13 21:07:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tobano\Desktop\aswMBR.exe
[2013.03.08 17:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.03.08 17:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1und1Softwareaktualisierung
[2013.03.08 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.03.08 17:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.03.08 17:07:56 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2013.03.08 17:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2013.03.08 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Tobano\AppData\Local\Deployment
[2013.03.08 17:04:30 | 000,000,000 | ---D | C] -- C:\Users\Tobano\AppData\Local\Apps
[2013.02.21 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.02.21 16:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.02.21 16:39:26 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.21 16:39:15 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.21 16:39:15 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.15 11:00:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.15 11:00:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.15 11:00:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.15 11:00:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.15 11:00:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.15 11:00:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.15 11:00:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.15 11:00:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.15 11:00:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.15 11:00:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.15 11:00:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.15 11:00:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.15 11:00:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.15 11:00:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.15 11:00:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 18:09:28 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 18:09:26 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 18:09:26 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 18:09:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 18:09:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 18:09:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 18:09:12 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 18:09:12 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 18:09:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 18:09:10 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.01.11 19:18:49 | 003,412,912 | ---- | C] (TeamViewer GmbH) -- C:\Program Files\buhlqs_de.exe
[2013.01.11 19:17:04 | 001,824,256 | ---- | C] (Apache Software Foundation) -- C:\Program Files\xerces.dll
[2013.01.11 19:17:03 | 004,485,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\vc2008sp1redist_x86.exe
[2013.01.11 19:17:03 | 001,455,104 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmdoc.dll
[2013.01.11 19:17:03 | 000,146,432 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmcrypt.dll
[2013.01.11 19:17:03 | 000,136,192 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tm98.dll
[2013.01.11 19:17:03 | 000,042,496 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\tmget.dll
[2013.01.11 19:17:02 | 001,153,024 | ---- | C] (The ICU Project) -- C:\Program Files\icuuc44.dll
[2013.01.11 19:17:02 | 000,905,216 | ---- | C] (SECUNET AG) -- C:\Program Files\rsapem32.dll
[2013.01.11 19:17:02 | 000,148,480 | ---- | C] (Bastiaan Bakker, LifeLine Networks bv ) -- C:\Program Files\log4cpp.dll
[2013.01.11 19:17:00 | 014,930,944 | ---- | C] (The ICU Project) -- C:\Program Files\icudt44.dll
[2013.01.11 19:17:00 | 002,163,712 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericxml.dll
[2013.01.11 19:17:00 | 001,568,256 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\erictransfer.dll
[2013.01.11 19:17:00 | 001,163,776 | ---- | C] (Olaf Stüben) -- C:\Program Files\fa_xml.dll
[2013.01.11 19:17:00 | 000,997,376 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericutil.dll
[2013.01.11 19:16:59 | 005,144,064 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericbasis.dll
[2013.01.11 19:16:59 | 003,828,736 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericprint.dll
[2013.01.11 19:16:59 | 001,003,520 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericcrypt.dll
[2013.01.11 19:16:59 | 000,338,944 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericplugin.dll
[2013.01.11 19:16:59 | 000,157,184 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericio.dll
[2013.01.11 19:16:58 | 002,670,592 | ---- | C] (secunet Security Networks AG) -- C:\Program Files\eSigner.dll
[2013.01.11 19:16:58 | 000,945,152 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericapi.dll
[2013.01.11 19:16:58 | 000,738,792 | ---- | C] (WPCubed GmbH) -- C:\Program Files\WPTDynInt.ocx
[2013.01.11 19:16:58 | 000,255,488 | ---- | C] (Bayerisches Landesamt für Steuern) -- C:\Program Files\ericanm.dll
[2013.01.11 19:16:58 | 000,022,016 | ---- | C] (keine) -- C:\Program Files\rsODF.DLL
[2013.01.11 19:16:57 | 005,762,024 | ---- | C] (WPCubed GmbH) -- C:\Program Files\WPTextDLL01.DLL
[2013.01.11 19:16:56 | 002,786,416 | ---- | C] (Buhl Tax Service GmbH, Hannover) -- C:\Program Files\rspatch.exe
[2013.01.11 19:16:56 | 000,466,032 | ---- | C] (Buhl Tax Service, Hannover) -- C:\Program Files\rspatcher.exe
[2013.01.11 19:16:50 | 001,153,024 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\libeay32.dll
[2013.01.11 19:16:50 | 000,237,056 | ---- | C] (The OpenSSL Project, hxxp://www.openssl.org/) -- C:\Program Files\ssleay32.dll
[2013.01.11 19:16:49 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2013.01.11 19:16:49 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2013.01.11 19:16:48 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\gdiplus.dll
[2013.01.11 19:16:42 | 001,061,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2012.05.24 17:24:42 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2012.05.24 17:24:42 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2012.05.24 17:24:42 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
========== Files - Modified Within 30 Days ==========
[2013.03.13 21:55:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobano\Desktop\OTL.exe
[2013.03.13 21:23:40 | 000,000,512 | ---- | M] () -- C:\Users\Tobano\Desktop\MBR.dat
[2013.03.13 21:09:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tobano\Desktop\aswMBR.exe
[2013.03.13 21:07:44 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 21:07:44 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.13 21:06:23 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.13 21:06:23 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.13 21:06:23 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.13 21:06:23 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.13 21:06:23 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.13 20:59:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.13 20:59:31 | 1945,608,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.01 13:43:35 | 102,907,854 | ---- | M] () -- C:\Users\Tobano\Documents\TV-Movie_Megan-Fox.bmp
[2013.03.01 13:40:44 | 103,458,654 | ---- | M] () -- C:\Users\Tobano\Documents\TV-Spielfilm_Angelina-Jolie.bmp
[2013.03.01 13:26:38 | 103,183,254 | ---- | M] () -- C:\Users\Tobano\Documents\TV-Movie_Bar-Refaeli.bmp
[2013.02.24 22:33:56 | 001,868,432 | ---- | M] () -- C:\Users\Tobano\Documents\PANO2nd_HH-Hafen2.jpg
[2013.02.24 21:51:48 | 001,364,701 | ---- | M] () -- C:\Users\Tobano\Documents\PANO2nd_HH-Hafen.jpg
[2013.02.24 19:45:38 | 001,276,081 | ---- | M] () -- C:\Users\Tobano\Documents\PANO1st_Hafen.jpg
[2013.02.24 18:15:24 | 001,228,735 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00141.JPG
[2013.02.24 18:15:22 | 001,409,327 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00138.JPG
[2013.02.24 18:15:14 | 001,231,975 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00124.JPG
[2013.02.24 18:15:10 | 001,251,102 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00118.JPG
[2013.02.24 18:15:08 | 001,360,486 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00115.JPG
[2013.02.24 18:14:55 | 001,284,612 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00087.JPG
[2013.02.24 18:14:30 | 001,012,870 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00042.JPG
[2013.02.24 18:14:25 | 001,293,201 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00032.JPG
[2013.02.24 18:14:21 | 001,269,125 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00021.JPG
[2013.02.24 18:14:21 | 001,172,047 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00022.JPG
[2013.02.24 18:14:18 | 001,273,721 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00018.JPG
[2013.02.24 18:14:11 | 001,480,112 | ---- | M] () -- C:\Users\Tobano\Documents\DSC00007.JPG
[2013.02.24 17:09:46 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.24 17:09:46 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.21 16:39:06 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.21 16:39:06 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.02.21 16:39:06 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.21 16:39:06 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.21 16:39:06 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.21 16:39:06 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.18 09:56:37 | 000,410,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:10:11 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
========== Files Created - No Company Name ==========
[2013.03.13 21:23:40 | 000,000,512 | ---- | C] () -- C:\Users\Tobano\Desktop\MBR.dat
[2013.03.01 13:43:28 | 102,907,854 | ---- | C] () -- C:\Users\Tobano\Documents\TV-Movie_Megan-Fox.bmp
[2013.03.01 13:40:37 | 103,458,654 | ---- | C] () -- C:\Users\Tobano\Documents\TV-Spielfilm_Angelina-Jolie.bmp
[2013.03.01 13:26:38 | 103,183,254 | ---- | C] () -- C:\Users\Tobano\Documents\TV-Movie_Bar-Refaeli.bmp
[2013.02.24 22:33:55 | 001,868,432 | ---- | C] () -- C:\Users\Tobano\Documents\PANO2nd_HH-Hafen2.jpg
[2013.02.24 21:51:43 | 001,364,701 | ---- | C] () -- C:\Users\Tobano\Documents\PANO2nd_HH-Hafen.jpg
[2013.02.24 19:00:50 | 001,276,081 | ---- | C] () -- C:\Users\Tobano\Documents\PANO1st_Hafen.jpg
[2013.02.24 17:40:11 | 001,424,352 | ---- | C] () -- C:\Users\Tobano\Documents\DSC00105.JPG
[2013.02.24 17:39:41 | 001,306,550 | ---- | C] () -- C:\Users\Tobano\Documents\DSC00149.JPG
[2013.02.24 17:38:13 | 001,348,537 | ---- | C] () -- C:\Users\Tobano\Documents\DSC00080.JPG
[2013.02.21 16:40:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.11 19:18:49 | 000,325,319 | ---- | C] () -- C:\Program Files\tx.aldi.config.xml
[2013.01.11 19:18:48 | 000,440,893 | ---- | C] () -- C:\Program Files\konfigurator_verheiratet.v2011
[2013.01.11 19:18:48 | 000,407,150 | ---- | C] () -- C:\Program Files\konfigurator_ledig.v2011
[2013.01.11 19:18:48 | 000,332,912 | ---- | C] () -- C:\Program Files\stman2012.exe
[2013.01.11 19:18:48 | 000,102,400 | ---- | C] () -- C:\Program Files\steuerhilfe.exe
[2013.01.11 19:18:46 | 009,350,144 | ---- | C] () -- C:\Program Files\wstyle612.rsc
[2013.01.11 19:18:46 | 001,880,064 | ---- | C] () -- C:\Program Files\wfrm212.rsc
[2013.01.11 19:18:46 | 000,133,120 | ---- | C] () -- C:\Program Files\wfrm712.rsc
[2013.01.11 19:18:46 | 000,033,792 | ---- | C] () -- C:\Program Files\wfrm612.rsc
[2013.01.11 19:18:45 | 005,430,272 | ---- | C] () -- C:\Program Files\wfrm512.rsc
[2013.01.11 19:18:45 | 000,239,616 | ---- | C] () -- C:\Program Files\wfrm412.rsc
[2013.01.11 19:18:44 | 000,353,576 | ---- | C] () -- C:\Program Files\cdcheck.exe
[2013.01.11 19:18:44 | 000,236,544 | ---- | C] () -- C:\Program Files\wfrm112.rsc
[2013.01.11 19:18:44 | 000,152,576 | ---- | C] () -- C:\Program Files\wfrm312.rsc
[2013.01.11 19:18:44 | 000,010,240 | ---- | C] () -- C:\Program Files\wdict512.rsc
[2013.01.11 19:18:42 | 000,088,064 | ---- | C] () -- C:\Program Files\whelpust12.rsc
[2013.01.11 19:18:42 | 000,020,480 | ---- | C] () -- C:\Program Files\whelpzmz12.rsc
[2013.01.11 19:18:42 | 000,018,432 | ---- | C] () -- C:\Program Files\whelpva12.rsc
[2013.01.11 19:18:42 | 000,015,360 | ---- | C] () -- C:\Program Files\whelpzmm12.rsc
[2013.01.11 19:18:41 | 000,718,848 | ---- | C] () -- C:\Program Files\whelplos12.rsc
[2013.01.11 19:18:41 | 000,345,088 | ---- | C] () -- C:\Program Files\whelpgef12.rsc
[2013.01.11 19:18:41 | 000,231,424 | ---- | C] () -- C:\Program Files\whelpeue12.rsc
[2013.01.11 19:18:41 | 000,083,968 | ---- | C] () -- C:\Program Files\whelpstpl12.rsc
[2013.01.11 19:18:41 | 000,056,320 | ---- | C] () -- C:\Program Files\whelpehz12.rsc
[2013.01.11 19:18:41 | 000,036,864 | ---- | C] () -- C:\Program Files\whelpiz12.rsc
[2013.01.11 19:18:41 | 000,033,792 | ---- | C] () -- C:\Program Files\whelpmv12.rsc
[2013.01.11 19:18:41 | 000,025,600 | ---- | C] () -- C:\Program Files\whelpgst12.rsc
[2013.01.11 19:18:41 | 000,011,264 | ---- | C] () -- C:\Program Files\whelpbel12.rsc
[2013.01.11 19:18:33 | 035,281,920 | ---- | C] () -- C:\Program Files\whelpurt12.rsc
[2013.01.11 19:18:33 | 000,229,376 | ---- | C] () -- C:\Program Files\whelptt12.rsc
[2013.01.11 19:18:33 | 000,074,752 | ---- | C] () -- C:\Program Files\whelpmbr12.rsc
[2013.01.11 19:18:29 | 011,148,288 | ---- | C] () -- C:\Program Files\whelpges12.rsc
[2013.01.11 19:18:29 | 001,274,880 | ---- | C] () -- C:\Program Files\whelpest12.rsc
[2013.01.11 19:18:29 | 000,565,248 | ---- | C] () -- C:\Program Files\whelpbfh12.rsc
[2013.01.11 19:18:29 | 000,349,184 | ---- | C] () -- C:\Program Files\whelpabc12.rsc
[2013.01.11 19:18:29 | 000,062,464 | ---- | C] () -- C:\Program Files\whelpbnr12.rsc
[2013.01.11 19:18:29 | 000,061,440 | ---- | C] () -- C:\Program Files\whelpfabu12.rsc
[2013.01.11 19:18:29 | 000,053,248 | ---- | C] () -- C:\Program Files\whelpfaq12.rsc
[2013.01.11 19:17:03 | 000,177,264 | ---- | C] () -- C:\Program Files\rsericp.dll
[2013.01.11 19:16:58 | 000,182,643 | ---- | C] () -- C:\Program Files\buttons.pcc
[2013.01.11 19:16:57 | 000,000,040 | ---- | C] () -- C:\Program Files\WPTDynInt.lic
[2013.01.11 19:16:56 | 003,495,648 | ---- | C] () -- C:\Program Files\rssysteminfo.exe
[2013.01.11 19:16:55 | 002,649,088 | ---- | C] () -- C:\Program Files\qtxmlpatternsrs47.dll
[2013.01.11 19:16:55 | 000,358,400 | ---- | C] () -- C:\Program Files\qtxmlrs47.dll
[2013.01.11 19:16:55 | 000,318,064 | ---- | C] () -- C:\Program Files\rsguiwinapi47.dll
[2013.01.11 19:16:55 | 000,271,872 | ---- | C] () -- C:\Program Files\phononrs47.dll
[2013.01.11 19:16:55 | 000,261,232 | ---- | C] () -- C:\Program Files\rscorewinapi47.dll
[2013.01.11 19:16:55 | 000,230,752 | ---- | C] () -- C:\Program Files\patchw32.dll
[2013.01.11 19:16:55 | 000,135,792 | ---- | C] () -- C:\Program Files\rsodbc47.dll
[2013.01.11 19:16:55 | 000,028,672 | ---- | C] () -- C:\Program Files\rsdcom47.dll
[2013.01.11 19:16:53 | 011,163,648 | ---- | C] () -- C:\Program Files\qtwebkitrs47.dll
[2013.01.11 19:16:53 | 001,340,416 | ---- | C] () -- C:\Program Files\qtscriptrs47.dll
[2013.01.11 19:16:53 | 000,990,208 | ---- | C] () -- C:\Program Files\qtnetworkrs47.dll
[2013.01.11 19:16:53 | 000,715,776 | ---- | C] () -- C:\Program Files\qtopenglrs47.dll
[2013.01.11 19:16:53 | 000,704,000 | ---- | C] () -- C:\Program Files\qtsqlrs47.dll
[2013.01.11 19:16:53 | 000,281,088 | ---- | C] () -- C:\Program Files\qtsvgrs47.dll
[2013.01.11 19:16:53 | 000,108,544 | ---- | C] () -- C:\Program Files\qttestrs47.dll
[2013.01.11 19:16:51 | 008,934,400 | ---- | C] () -- C:\Program Files\qtguirs47.dll
[2013.01.11 19:16:51 | 002,356,736 | ---- | C] () -- C:\Program Files\qtcorers47.dll
[2013.01.11 19:16:51 | 000,865,280 | ---- | C] () -- C:\Program Files\qtcluceners47.dll
[2013.01.11 19:16:50 | 002,395,648 | ---- | C] () -- C:\Program Files\qt3supportrs47.dll
[2013.01.11 19:16:48 | 000,401,408 | ---- | C] () -- C:\Program Files\whelpcnt12.rsc
[2013.01.11 19:16:48 | 000,388,096 | ---- | C] () -- C:\Program Files\whelptech12.rsc
[2013.01.11 19:16:47 | 002,646,016 | ---- | C] () -- C:\Program Files\wxml12.rsc
[2013.01.11 19:16:47 | 002,189,312 | ---- | C] () -- C:\Program Files\wstyle12.rsc
[2013.01.11 19:16:47 | 001,607,792 | ---- | C] () -- C:\Program Files\wreli12.dll
[2013.01.11 19:16:47 | 001,537,136 | ---- | C] () -- C:\Program Files\wsteu12.dll
[2013.01.11 19:16:47 | 001,326,192 | ---- | C] () -- C:\Program Files\wwerb12.dll
[2013.01.11 19:16:47 | 000,188,416 | ---- | C] () -- C:\Program Files\wsearch12.rsc
[2013.01.11 19:16:47 | 000,146,432 | ---- | C] () -- C:\Program Files\woptions12.rsc
[2013.01.11 19:16:46 | 006,505,584 | ---- | C] () -- C:\Program Files\wkont12.dll
[2013.01.11 19:16:46 | 002,868,848 | ---- | C] () -- C:\Program Files\wmain12.dll
[2013.01.11 19:16:46 | 000,348,160 | ---- | C] () -- C:\Program Files\wmisc12.rsc
[2013.01.11 19:16:46 | 000,174,080 | ---- | C] () -- C:\Program Files\wnavitree12.rsc
[2013.01.11 19:16:46 | 000,020,480 | ---- | C] () -- C:\Program Files\wmenus12.rsc
[2013.01.11 19:16:45 | 001,185,280 | ---- | C] () -- C:\Program Files\wimp12.dll
[2013.01.11 19:16:45 | 001,137,776 | ---- | C] () -- C:\Program Files\whau112.dll
[2013.01.11 19:16:45 | 001,118,832 | ---- | C] () -- C:\Program Files\whau212.dll
[2013.01.11 19:16:44 | 007,562,352 | ---- | C] () -- C:\Program Files\wgui12.dll
[2013.01.11 19:16:44 | 002,946,160 | ---- | C] () -- C:\Program Files\wcore12.dll
[2013.01.11 19:16:44 | 001,873,008 | ---- | C] () -- C:\Program Files\wfvie12.dll
[2013.01.11 19:16:44 | 001,489,520 | ---- | C] () -- C:\Program Files\wbae412.dll
[2013.01.11 19:16:44 | 001,315,440 | ---- | C] () -- C:\Program Files\wfabu12.dll
[2013.01.11 19:16:44 | 000,135,168 | ---- | C] () -- C:\Program Files\wfanl12.rsc
[2013.01.11 19:16:44 | 000,058,368 | ---- | C] () -- C:\Program Files\wdict12.rsc
[2013.01.11 19:16:44 | 000,028,672 | ---- | C] () -- C:\Program Files\wcmds12.rsc
[2013.01.11 19:16:43 | 004,556,912 | ---- | C] () -- C:\Program Files\wbae112.dll
[2013.01.11 19:16:43 | 004,278,896 | ---- | C] () -- C:\Program Files\wauff12.dll
[2013.01.11 19:16:43 | 001,912,432 | ---- | C] () -- C:\Program Files\wbae312.dll
[2013.01.11 19:16:43 | 001,334,896 | ---- | C] () -- C:\Program Files\wbae212.dll
[2013.01.11 19:16:43 | 001,049,600 | ---- | C] () -- C:\Program Files\wanl12.rsc
[2013.01.11 19:16:43 | 000,012,288 | ---- | C] () -- C:\Program Files\wauff12.rsc
[2013.01.11 19:16:42 | 000,794,624 | ---- | C] () -- C:\Program Files\wimp12.db3
[2013.01.11 19:16:41 | 012,872,704 | ---- | C] () -- C:\Program Files\main12.db3
[2012.11.09 22:26:25 | 000,007,619 | ---- | C] () -- C:\Users\Tobano\AppData\Local\Resmon.ResmonCfg
[2012.05.24 17:24:42 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2012.05.24 17:24:42 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2012.05.24 17:24:42 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2012.05.22 21:15:50 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.05.07 13:24:59 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit.INI
[2012.04.17 20:47:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.04.12 14:35:56 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.04.12 12:59:21 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.04.12 12:59:21 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.04.12 12:59:20 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.04.12 12:59:20 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.04.12 12:59:20 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.04.12 12:24:55 | 000,000,262 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2012.04.05 20:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.05 20:27:09 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.03.08 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\1&1 Mail & Media GmbH
[2012.06.11 11:31:48 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Ashampoo
[2012.04.12 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Canon
[2013.02.05 20:29:08 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Ehfi
[2013.02.05 20:44:27 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Esuba
[2013.01.07 21:54:02 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\FileZilla
[2013.02.05 20:36:30 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Goomv
[2012.08.03 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\GrabPro
[2012.12.03 21:52:14 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Haufe
[2012.05.31 14:08:07 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Lexware
[2012.05.16 20:20:23 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\MAGIX
[2013.02.05 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Meuhib
[2013.01.09 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\OpenCandy
[2012.05.24 17:14:09 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\OpenOffice.org
[2013.02.11 21:40:39 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Orbit
[2012.10.27 20:26:40 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\PanoramaStudio2Pro
[2012.04.25 18:35:23 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\ProgSense
[2012.10.28 16:49:20 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\PTGui
[2012.04.12 13:20:21 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Ulead Systems
[2012.10.28 17:05:25 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\Zoner
[2013.02.05 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Tobano\AppData\Roaming\{F908EDE2-33C8-498C-9489-AB3F788021A2}
========== Purity Check ==========
< End of report > |