Trojan: Dropper.Generic_c.MMI

Hello everyone, I am brand new here in the forum, so first of all I would like to say hello and thank you in advance for your help.

For a few days now I have had the following problem, as mentioned in the topic: "C:\Windows\System32\services.exe";"Trojaner: Dropper.Generic_c.MMI"

I have noticed that it has been very resistant to everything I have tried. I have also read a lot about it and seen several English-language sites where the problem was fixed by manually deleting specific Windows "registry" entries. However, I have not dared to touch anything to do with the "registry" since Win Vista came out. And after further research I kept coming across this forum.

Now to the details: my operating system is Win7, 64-bit version.

Here is the log file from AVG Free:

"Scan ""Bestimmte Dateien/Ordner scannen"" wurde beendet."
"Infektionen";"1";"0";"1"
"Warnungen";"147";"58";"89"
"Für den Scanvorgang ausgewählte Ordner:";"C:\;"
"Start des Scans:";"Mittwoch, 29. August 2012, 15:01:34"
"Scan beendet:";"Mittwoch, 29. August 2012, 15:20:18 (18 Minute(n) 43 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"252069"
"Benutzer, der den Scan gestartet hat:";"eMJay"
"Infektionen"
"Datei";"Infektion";"Ergebnis"
"C:\Windows\System32\services.exe";"Trojaner: Dropper.Generic_c.MMI";"Objekt befindet sich auf der Whitelist (wichtige Systemdatei, die nicht entfernt werden darf)"

Log file from OTL:

OTL logfile created on: 29.08.2012 14:35:47 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\eMJay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,16% Memory free
7,99 Gb Paging File | 5,58 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 87,74 Gb Free Space | 58,87% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 83,70 Gb Free Space | 19,57% Space Free | Partition Type: NTFS
Drive E: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive N: | 15,00 Gb Total Space | 14,97 Gb Free Space | 99,79% Space Free | Partition Type: FAT

Computer Name: LUCY | User Name: eMJay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.29 14:14:07 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe
PRC - [2012.07.20 10:48:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.21 12:55:52 | 000,989,264 | ---- | M] (1&1 Internet AG) -- C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.04.09 18:23:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.24 00:00:29 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.07.02 22:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.06.09 18:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.02.05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.02.04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.05.15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.20 10:48:41 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.16 01:36:43 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.01.19 16:28:27 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\758e0ce53c80a7ad7cf76a4910d27762\System.Management.ni.dll
MOD - [2011.01.18 21:37:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
MOD - [2011.01.18 21:37:13 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
MOD - [2011.01.18 21:36:52 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2011.01.18 21:36:42 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2011.01.18 21:36:37 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2011.01.18 21:36:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2011.01.18 21:36:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2011.01.18 21:36:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2011.01.18 21:36:07 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2011.01.18 21:35:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.02 22:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.02.24 00:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.02.24 00:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.24 00:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.24 00:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.24 00:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007.05.15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:[b]64bit:[/b] - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:[b]64bit:[/b] - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:[b]64bit:[/b] - [2010.03.30 16:12:23 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2012.07.20 10:48:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.09 18:23:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2011.11.21 12:52:50 | 000,199,752 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ui11rdr.SYS -- (ui11rdr)
DRV:[b]64bit:[/b] - [2011.09.13 09:57:09 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.05.06 08:27:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:[b]64bit:[/b] - [2011.04.09 18:23:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:[b]64bit:[/b] - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:[b]64bit:[/b] - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:[b]64bit:[/b] - [2011.01.24 00:12:59 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011.01.05 21:48:49 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:[b]64bit:[/b] - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:[b]64bit:[/b] - [2010.07.21 07:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2010.04.08 10:11:59 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010.03.30 16:46:01 | 006,657,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010.03.30 15:23:33 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2010.02.09 12:19:13 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:[b]64bit:[/b] - [2009.12.22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009.10.07 09:13:33 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009.10.07 09:13:33 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:[b]64bit:[/b] - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009.05.05 04:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:[b]64bit:[/b] - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=13170&l=dis
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=D5F45CB4-FE12-465C-B6F2-F1D18005CBC4&apn_sauid=F295B89A-D9FE-42A5-87F8-79ACEB4DD797
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\eMJay\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.12.28 01:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.12.28 01:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 01:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011.12.28 01:28:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 10:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 15:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 10:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 15:07:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 01:28:20 | 000,000,000 | ---D | M]
[2011.01.20 09:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMJay\AppData\Roaming\mozilla\Extensions
[2012.08.23 11:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions
[2012.08.23 11:11:19 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.03.15 21:39:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.28 01:29:40 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\DTToolbar@toolbarnet.com
[2012.06.11 09:35:19 | 000,002,397 | ---- | M] () -- C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\searchplugins\askcom.xml
[2012.07.26 17:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.01 22:55:58 | 000,031,289 | ---- | M] () (No name found) -- C:\USERS\EMJAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TBHQBC2G.DEFAULT\EXTENSIONS\AUTOFORMER2@MOZILLA.ORG.XPI
[2012.07.20 10:48:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 15:07:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.12 03:29:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 03:29:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 03:29:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 03:29:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 03:29:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 03:29:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\eMJay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\eMJay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\eMJay\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:[b]64bit:[/b] - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eMJay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eMJay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB771FF-0609-4518-B578-B03B8BAEA8D0}: DhcpNameServer = 192.168.178.1
O18:[b]64bit:[/b] - Protocol\Handler\cdo - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{081a25fb-1da9-11e0-8ec4-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{081a25fb-1da9-11e0-8ec4-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{081a2606-1da9-11e0-8ec4-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{081a2606-1da9-11e0-8ec4-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{15b566ce-c75d-11df-8701-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15b566ce-c75d-11df-8701-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O33 - MountPoints2\{5cd02d9e-a1a4-11e0-b1c1-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{5cd02d9e-a1a4-11e0-b1c1-20cf305d6d98}\Shell\AutoRun\command - "" = G:\NPSAI.exe
O33 - MountPoints2\{8f8658c1-261d-11e0-b2c6-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{8f8658c1-261d-11e0-b2c6-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5e3ea90-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3ea90-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{a5e3ea9f-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3ea9f-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5e3eab4-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3eab4-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5e3eab6-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3eab6-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5e3ead6-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3ead6-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bda3a9f4-58b3-11e0-b672-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{bda3a9f4-58b3-11e0-b672-20cf305d6d98}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{c4cf5dac-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5dac-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4cf5db0-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5db0-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4cf5dbd-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5dbd-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4cf5dc1-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5dc1-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c4cf5df5-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5df5-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = K:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.08.29 14:14:00 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe
[2012.08.26 00:10:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.08.06 11:19:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.01 01:34:07 | 000,000,000 | ---D | C] -- C:\Users\eMJay\Desktop\Musik

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.08.29 14:35:39 | 000,000,168 | ---- | M] () -- C:\Users\eMJay\defogger_reenable
[2012.08.29 14:34:51 | 000,050,477 | ---- | M] () -- C:\Users\eMJay\Desktop\Defogger.exe
[2012.08.29 14:14:07 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe
[2012.08.29 13:48:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 13:48:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 13:48:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 13:47:17 | 105,215,959 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012.08.29 13:41:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.08.29 13:41:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 13:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 13:41:09 | 3219,505,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.29 00:58:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000UA.job
[2012.08.28 12:58:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000Core.job
[2012.08.12 23:18:40 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 23:18:40 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 23:18:40 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 23:18:40 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 23:18:40 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.08.29 14:35:39 | 000,000,168 | ---- | C] () -- C:\Users\eMJay\defogger_reenable
[2012.08.29 14:34:50 | 000,050,477 | ---- | C] () -- C:\Users\eMJay\Desktop\Defogger.exe
[2012.08.25 23:39:11 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000064.@
[2012.08.25 23:39:11 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\L\00000004.@
[2012.08.25 23:39:10 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000008.@
[2012.08.25 23:39:09 | 000,093,184 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000032.@
[2012.08.25 23:39:08 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\000000cb.@
[2012.08.25 23:39:06 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000000.@
[2012.08.25 23:39:05 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000004.@
[2011.04.17 10:54:43 | 000,000,000 | ---- | C] () -- C:\Users\eMJay\AppData\Local\prvlcl.dat
[2011.03.15 19:42:18 | 000,007,602 | ---- | C] () -- C:\Users\eMJay\AppData\Local\Resmon.ResmonCfg
[2011.02.06 21:34:09 | 000,185,199 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011.01.30 13:06:41 | 000,007,168 | ---- | C] () -- C:\Users\eMJay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.23 18:07:14 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.01.23 18:07:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.01.12 10:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 20:42:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.24 00:09:14 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\@
[2010.09.24 00:09:14 | 000,002,048 | -HS- | C] () -- C:\Users\eMJay\AppData\Local\{495cf38c-3328-b699-d4c9-cbf25ee14852}\@
[2010.09.23 23:54:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.23 23:50:51 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.23 23:40:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== LOP Check ==========[/color]

[2012.01.18 13:33:31 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\1&1
[2011.12.28 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Asus WebStorage
[2011.01.20 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.24 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\DAEMON Tools Lite
[2012.03.15 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\DVDVideoSoft
[2011.06.24 01:00:06 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\EeeStorageUploader
[2012.03.11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\GetRightToGo
[2011.05.18 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\InterTrust
[2011.01.22 06:01:06 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Local
[2012.05.20 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\TS3Client
[2012.05.19 10:45:17 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\ts3overlay
[2011.07.21 00:04:13 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Verbindungsassistent
[2012.08.28 12:58:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000Core.job
[2012.08.29 00:58:00 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000UA.job
[2011.03.15 20:37:55 | 000,024,306 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

GMER.exe did not find anything, so now I am of course a little at a loss as to how to proceed. I hope you now have all the information you will need to help me.

Kind regards,
eMJay