24.11.2011, 16:16 | #1 |
Firefox trojan?

Hello Trojanies, for the past few days I have noticed a serious problem with my computer. About 2 weeks ago, after a database problem, I had to format my computer and reinstall everything. That took quite some time. Well, for the first few days the PC still worked flawlessly. After I installed one program or another, I noticed a big change, above all in Firefox. It showed itself through many crashes of Firefox (and of my Win7 64-bit as well). When I am not actively working at the PC, for example, the mouse pointer blinks with the normal loading icon. I have never had that on any of my previous computers. As if something were working in the background.

Well, I then read up a little (I am a trojan newbie-thingy) and came across you. I had even registered here once, because a few months ago I also had a problem, which I had solved through another thread of yours. Anyway, I have unfortunately found nothing on Google or in various forums, and so I am now asking you to take on my problem.

Patient:
Windows 7 Ultimate (64 Bit)
4 GB RAM
ATI Radeon HD4800
Intel E8400 @3 GHz (Core 2 Duo)

OTL SCANS: Extras.txt Code:
OTL Extras logfile created on: 24.11.2011 16:01:30 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\affenZucker\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,75% Memory free
8,00 Gb Paging File | 6,20 Gb Available in Paging File | 77,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 485,64 Gb Free Space | 81,46% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 41,42 Gb Free Space | 21,21% Space Free | Partition Type: NTFS
Drive E: | 37,57 Gb Total Space | 4,29 Gb Free Space | 11,41% Space Free | Partition Type: NTFS
Drive I: | 3,68 Gb Total Space | 3,68 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: AFFENZUCKER-PC | User Name: affenZucker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) 
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{83FA8348-A625-48F9-BF38-47E91F963930}" = O&O Defrag 
Professional "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 
29 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01 "{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" 
= JDownloader 0.9 "Adobe AIR" = Adobe AIR "avast" = avast! Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DAEMON Tools Lite" = DAEMON Tools Lite "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "RocketDock_is1" = RocketDock 1.3.5 "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.1.11 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.11.2011 16:18:39 | Computer Name = affenZucker-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 23.11.2011 16:28:38 | Computer Name = affenZucker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 23.11.2011 16:28:38 | Computer Name = affenZucker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.11.2011 16:28:39 | Computer Name = affenZucker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.11.2011 16:28:40 | Computer Name = affenZucker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.11.2011 16:28:40 | Computer Name = affenZucker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 23.11.2011 16:28:41 | Computer Name = affenZucker-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 23.11.2011 19:20:41 | Computer Name = affenZucker-PC | Source = WinMgmt | ID = 10 Description = Error - 24.11.2011 05:42:28 | Computer Name = affenZucker-PC | Source = WinMgmt | ID = 10 Description = Error - 24.11.2011 09:04:13 | Computer Name = affenZucker-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.11.2011 11:33:41 | Computer Name = affenZucker-PC | Source = bowser | ID = 8003 Description = Error - 17.11.2011 09:35:47 | Computer Name = affenZucker-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?11.?2011 um 13:21:45 unerwartet heruntergefahren. Error - 17.11.2011 09:41:22 | Computer Name = affenZucker-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?17.?11.?2011 um 14:37:38 unerwartet heruntergefahren. Error - 17.11.2011 09:41:29 | Computer Name = affenZucker-PC | Source = BugCheck | ID = 1001 Description = Error - 19.11.2011 05:59:33 | Computer Name = affenZucker-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 21.11.2011 09:35:30 | Computer Name = affenZucker-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error - 21.11.2011 10:29:21 | Computer Name = affenZucker-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 21.11.2011 10:46:54 | Computer Name = affenZucker-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 21.11.2011 17:33:05 | Computer Name = affenZucker-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error - 23.11.2011 19:19:07 | Computer Name = affenZucker-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?11.?2011 um 00:17:03 unerwartet heruntergefahren.

< End of report >

Code:
OTL logfile created on: 24.11.2011 16:01:30 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\affenZucker\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 60,75% Memory free
8,00 Gb Paging File | 6,20 Gb Available in Paging File | 77,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 485,64 Gb Free Space | 81,46% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 41,42 Gb Free Space | 21,21% Space Free | Partition Type: NTFS
Drive E: | 37,57 Gb Total Space | 4,29 Gb Free Space | 11,41% Space Free | Partition Type: NTFS
Drive I: | 3,68 Gb Total Space | 3,68 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: AFFENZUCKER-PC | User Name: affenZucker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.24 15:42:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\affenZucker\Downloads\OTL.exe PRC - [2011.11.08 23:16:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Avast\AvastUI.exe PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Avast\AvastSvc.exe PRC - [2011.02.18 11:06:06 | 001,666,560 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE PRC - [2011.02.18 11:05:32 | 000,495,616 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe ========== Modules (No Company Name) ========== MOD - [2011.11.08 23:16:49 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.12 21:09:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.10.04 21:41:20 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.10.12 17:50:54 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.10.22 02:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.21 23:58:49 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.11.21 23:58:47 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.11.21 23:45:49 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.10.12 21:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.10.12 21:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.12 20:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.09.14 14:58:38 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2011.09.06 22:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2011.09.06 22:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2011.09.06 22:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2011.09.06 22:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2011.09.06 22:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011.09.06 22:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.06 18:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.09 15:34:44 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.12.11 06:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV - [2011.09.22 18:10:46 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 18 11 58 00 9B CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Avast\WebRep\FF [2011.11.04 17:49:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.11.09 15:16:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 23:16:49 | 000,000,000 | ---D | M]

[2011.11.04 16:11:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\affenZucker\AppData\Roaming\mozilla\Extensions
[2011.11.22 01:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\affenZucker\AppData\Roaming\mozilla\Firefox\Profiles\g8aq5e1x.default\extensions
[2011.11.06 19:41:23 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\affenZucker\AppData\Roaming\mozilla\Firefox\Profiles\g8aq5e1x.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011.11.19 11:40:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\affenZucker\AppData\Roaming\mozilla\Firefox\Profiles\g8aq5e1x.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.21 23:47:15 | 000,005,604 | ---- | M] () -- C:\Users\affenZucker\AppData\Roaming\Mozilla\Firefox\Profiles\g8aq5e1x.default\searchplugins\Linkury Smartbar Search.xml
[2011.11.15 16:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.15 16:51:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\AFFENZUCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G8AQ5E1X.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\AFFENZUCKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G8AQ5E1X.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2011.11.08 23:16:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.11.13 20:28:08 | 000,000,886 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{267DAE5C-745D-4121-9BB2-B12FEC4F1FBD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (expstart.exe) -C:\Windows\expstart.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8851c5c-06ed-11e1-b973-0022151b5ec8}\Shell - "" = AutoRun
O33 - MountPoints2\{c8851c5c-06ed-11e1-b973-0022151b5ec8}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.23 17:26:44 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Microsoft Games
[2011.11.22 01:07:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.11.22 00:02:19 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Risen
[2011.11.21 23:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.11.21 23:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2011.11.21 23:58:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2011.11.21 23:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.11.21 23:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2011.11.21 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2011.11.21 23:46:19 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\OpenCandy
[2011.11.21 23:45:49 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.11.21 23:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.11.21 15:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.21 15:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.21 15:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.20 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\Documents\Turbo Lister
[2011.11.19 14:04:42 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\Desktop\ESL
[2011.11.18 14:07:12 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\Desktop\EBAY- NEU
[2011.11.17 14:41:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.17 03:30:12 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\In The Money
[2011.11.17 03:30:12 | 000,000,000 | ---D | C] -- C:\HMArchive
[2011.11.17 03:30:05 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\HEM Data
[2011.11.16 02:00:40 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Dropbox
[2011.11.16 01:48:14 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.11.16 01:47:42 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Dropbox
[2011.11.15 20:21:30 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\vlc
[2011.11.15 20:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.11.15 16:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.11.15 16:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.15 16:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.11.15 16:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.11.15 16:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2011.11.14 22:08:48 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.11.14 22:08:48 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Adobe Mini Bridge CS5
[2011.11.14 18:54:18 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Skype
[2011.11.14 18:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.14 18:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.11.14 18:54:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.11.14 18:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.11.13 20:29:43 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.13 20:29:43 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.13 20:29:43 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.11.13 20:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.13 20:29:29 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\TuneUp Software
[2011.11.13 20:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011.11.13 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.11.13 20:28:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.11 14:54:27 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\Desktop\Ebay-TISCH
[2011.11.10 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\ts3overlay
[2011.11.10 19:43:52 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\TS3Client
[2011.11.10 19:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3
[2011.11.10 16:36:39 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.11.10 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Apple Computer
[2011.11.10 16:09:14 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Apple Computer
[2011.11.10 16:09:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.11.10 16:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.11.10 16:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.11.10 16:08:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.11.10 16:08:15 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Apple
[2011.11.10 16:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.11.10 16:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.11.10 16:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.10 16:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.11.10 16:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.11.10 16:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.11.09 02:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.11.09 02:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.11.09 02:55:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.11.09 02:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011.11.09 02:53:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.11.09 02:52:57 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Microsoft Help
[2011.11.09 02:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011.11.09 02:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.11.09 02:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.11.09 02:52:38 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.11.06 19:41:24 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\.clipbak
[2011.11.04 23:46:33 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\Documents\Turbo Lister Backup
[2011.11.04 23:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
[2011.11.04 23:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2011.11.04 23:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBay
[2011.11.04 20:26:46 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Chromium
[2011.11.04 20:16:39 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\The Creative Assembly
[2011.11.04 20:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total War Shogun 2
[2011.11.04 19:48:08 | 000,000,000 | ---D | C] -- C:\Windows\W7SOC
[2011.11.04 19:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2011.11.04 18:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.11.04 18:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011.11.04 18:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.11.04 18:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011.11.04 18:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.11.04 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.11.04 18:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.11.04 18:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.11.04 18:28:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.11.04 18:26:37 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Adobe
[2011.11.04 18:00:54 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\DAEMON Tools Lite
[2011.11.04 18:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.11.04 17:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011.11.04 17:55:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2011.11.04 17:54:13 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\O&O
[2011.11.04 17:53:10 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Downloaded Installations
[2011.11.04 17:49:37 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.11.04 17:49:37 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.11.04 17:49:34 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.11.04 17:49:32 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.11.04 17:49:30 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.11.04 17:49:29 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.11.04 17:49:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.11.04 17:49:15 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.11.04 17:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.11.04 17:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avast
[2011.11.04 17:25:45 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.11.04 16:28:08 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.11.04 16:13:17 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\WinRAR
[2011.11.04 16:13:17 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.04 16:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.11.04 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Mozilla
[2011.11.04 16:11:20 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Mozilla
[2011.11.04 16:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.11.04 16:09:52 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\ROCCAT
[2011.11.04 16:08:20 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\ATI
[2011.11.04 16:08:20 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\ATI
[2011.11.04 16:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.11.04 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.11.04 16:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.11.04 16:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2011.11.04 16:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.11.04 16:05:34 | 000,000,000 | ---D | C] -- C:\Intel
[2011.11.04 16:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2011.11.04 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ROCCAT
[2011.11.04 16:02:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.11.04 16:02:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2011.11.04 16:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.11.04 16:01:49 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2011.11.04 16:01:49 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2011.11.04 16:01:49 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2011.11.04 16:01:49 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2011.11.04 16:01:49 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2011.11.04 16:01:49 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2011.11.04 16:01:49 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2011.11.04 16:01:49 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2011.11.04 16:01:49 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2011.11.04 16:01:49 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2011.11.04 16:01:49 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2011.11.04 16:01:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011.11.04 15:59:13 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\Documents\DriverGenius
[2011.11.04 15:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius
[2011.11.04 15:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverGenius
[2011.11.04 15:45:12 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Macromedia
[2011.11.04 15:45:10 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Adobe
[2011.11.04 15:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.11.04 15:44:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.11.04 15:28:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.11.04 15:28:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.04 15:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2011.11.04 15:11:25 | 000,014,120 | R--- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2011.11.04 15:11:19 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusbn.sys
[2011.11.04 15:11:19 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwusbnci.dll
[2011.11.04 15:05:07 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AVM_Driver
[2011.11.04 15:00:34 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.11.04 15:00:34 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Searches
[2011.11.04 15:00:34 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.11.04 15:00:26 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Identities
[2011.11.04 15:00:25 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Contacts
[2011.11.04 15:00:24 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\VirtualStore
[2011.11.04 15:00:16 | 000,000,000 | --SD | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Videos
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Saved Games
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Pictures
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Music
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Links
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Favorites
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Downloads
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Documents
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\Desktop
[2011.11.04 15:00:16 | 000,000,000 | R--D | C] -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Vorlagen
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\AppData\Local\Verlauf
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\AppData\Local\Temporary Internet Files
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Startmenü
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\SendTo
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Recent
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Netzwerkumgebung
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Lokale Einstellungen
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Documents\Eigene Videos
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Documents\Eigene Musik
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Eigene Dateien
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Documents\Eigene Bilder
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Druckumgebung
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Cookies
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\AppData\Local\Anwendungsdaten
[2011.11.04 15:00:16 | 000,000,000 | -HSD | C] -- C:\Users\affenZucker\Anwendungsdaten
[2011.11.04 15:00:16 | 000,000,000 | -H-D | C] -- C:\Users\affenZucker\AppData
[2011.11.04 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Temp
[2011.11.04 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Local\Microsoft
[2011.11.04 15:00:16 | 000,000,000 | ---D | C] -- C:\Users\affenZucker\AppData\Roaming\Media Center Programs
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.11.04 15:00:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.11.04 14:45:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.11.04 14:43:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.11.04 14:43:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.11.04 14:42:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.11.04 14:41:53 | 000,000,000 | -HSD | C] -- C:\Boot

========== Files - Modified Within 30 Days ==========

[2011.11.24 15:41:51 | 000,000,168 | ---- | M] () -- C:\Users\affenZucker\defogger_reenable
[2011.11.24 14:09:50 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 14:09:50 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 14:08:14 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.24 14:08:14 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.24 14:08:14 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.24 14:08:14 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.24 14:08:14 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.24 14:02:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.24 14:02:36 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 14:02:35 | 000,052,275 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.11.21 23:58:49 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2011.11.21 23:58:47 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2011.11.21 23:45:49 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.11.21 15:09:31 | 000,001,456 | ---- | M] () -- C:\Users\affenZucker\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.11.20 13:41:49 | 004,918,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.17 14:41:17 |
3612,160,421 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.11.17 03:30:35 | 000,000,000 | ---- | M] () -- C:\Windows\HMHud.INI [2011.11.13 20:11:37 | 000,002,170 | ---- | M] () -- C:\Users\affenZucker\clipdat2.rdf [2011.11.10 17:21:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.08 20:30:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.11.04 19:48:08 | 000,925,184 | ---- | M] () -- C:\Windows\expstart.exe [2011.11.04 17:51:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.11.04 15:41:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2011.11.04 15:41:29 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2011.11.04 15:23:06 | 000,310,191 | RHS- | M] () -- C:\VUOJY [2011.11.04 14:46:42 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.11.04 14:46:42 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.11.04 14:45:29 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.11.04 14:41:55 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK ========== Files Created - No Company Name ========== [2011.11.24 15:41:51 | 000,000,168 | ---- | C] () -- C:\Users\affenZucker\defogger_reenable [2011.11.21 23:58:49 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2011.11.21 23:58:47 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2011.11.17 14:41:17 | 3612,160,421 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.11.17 03:30:35 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.11.15 16:50:21 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2011.11.15 16:50:21 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.11.13 20:29:38 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\TuneUp Utilities 2012.lnk [2011.11.13 20:11:37 | 000,002,170 | ---- | C] () -- C:\Users\affenZucker\clipdat2.rdf [2011.11.10 17:21:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.11.10 16:08:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.11.08 20:30:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.11.08 18:07:14 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk [2011.11.08 18:07:14 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk [2011.11.06 19:12:43 | 000,001,456 | ---- | C] () -- C:\Users\affenZucker\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.11.04 19:48:28 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe [2011.11.04 18:22:41 | 000,052,275 | ---- | C] () -- C:\Windows\SysNative\oodbs.lor [2011.11.04 16:28:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2011.11.04 15:41:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2011.11.04 15:41:29 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2011.11.04 15:23:06 | 000,310,191 | RHS- | C] () -- C:\VUOJY [2011.11.04 15:11:29 | 000,013,189 | R--- | C] () -- C:\Windows\instwcli.inf [2011.11.04 15:11:19 | 000,015,565 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusbn.bin [2011.11.04 15:00:38 | 000,001,409 | ---- | C] () -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.11.04 15:00:35 | 000,001,443 | ---- | C] () -- C:\Users\affenZucker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.11.04 14:45:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.11.04 14:43:02 | 3220,475,904 | -HS- | C] () -- C:\hiberfil.sys [2011.11.04 14:41:55 
| 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2011.11.04 14:41:53 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2011.11.10 16:36:39 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.11.21 
23:46:26 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\DAEMON Tools Lite [2011.11.19 13:22:03 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\Dropbox [2011.11.17 03:30:05 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\HEM Data [2011.11.21 23:46:22 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\OpenCandy [2011.11.04 16:10:08 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\ROCCAT [2011.11.14 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.11.04 20:16:39 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\The Creative Assembly [2011.11.10 22:47:43 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\TS3Client [2011.11.10 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\ts3overlay [2011.11.13 20:29:29 | 000,000,000 | ---D | M] -- C:\Users\affenZucker\AppData\Roaming\TuneUp Software [2009.07.14 06:08:49 | 000,015,750 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.11.04 15:00:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.04 14:41:53 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.11.04 15:00:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.11.17 03:30:12 | 000,000,000 | ---D | M] -- C:\HMArchive [2011.11.04 16:05:34 | 000,000,000 | ---D | M] -- C:\Intel [2011.11.09 02:52:38 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.21 15:47:59 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.22 01:07:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.22 01:07:20 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.11.04 15:00:11 | 000,000,000 | -HSD | M] -- C:\Programme [2011.11.04 15:00:11 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.11.24 15:45:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.17 03:28:06 | 000,000,000 | R--D | M] -- C:\Users [2011.11.21 23:58:44 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\W7SOC\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) 
MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 
02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report >
I hope I did everything correctly. I have one more question about the program Defogger. To be honest, I simply followed your instructions blindly, since I have only had good experiences with you in the past. So I think this is surely nothing bad anyway. Still, now that I have disabled something with Defogger, I would like to know whether I have to re-enable it, or whether everything is OK now?
Thanks ;-) fikxi EDIT: One more thing occurred to me: when I typed something into the normal address bar in Firefox, I always ended up at google.de and was shown search results. Now I am always redirected to the following page instead of google.de: (My search was: "was ist denn hier passiert?") hxxp://isearch.whitesmoke.com/?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=was+ist+denn+hier+passiert&babsrc=home&isid=9845&s=web&as=0 Last edited by fikxi (24.11.2011 at 16:21) Reason: EDIT |
24.11.2011, 20:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox Trojan? Please now run a routine full scan with Malwarebytes and post the log.
__________________Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
__________________ |
24.11.2011, 23:43 | #3 |
| Firefox Trojan? ...thanks for the quick reply!
__________________Here are the requested log files: Malware Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8234 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 24.11.2011 21:56:52 mbam-log-2011-11-24 (21-56-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 365185 Laufzeit: 37 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Code:
ATTFilter nothing found (0 results) Both together cost me at least 2 hours :-) And now? |
25.11.2011, 10:36 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Firefox Trojan? Quote:
__________________ Please always post log files in CODE tags |