Log analysis and evaluation: Antivir blocks mor.exe (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.09.2012, 08:18 | #1
Antivir blocks mor.exe

Hello dear Trojanerboard,

while I was surfing on www.kuhnshop.de, my Avira scanner blocked the execution of mor.exe:

Gesperrte Anwendung:
Lokale IP: 0.0.0.0
Lokaler Port: 7621
Remote IP: 127.0.0.1
Remote Port: 12460
Aktionscode: Connect
Pfad der Anwendung: C:\Users\JUDITH~1\AppData\Local\Temp\mor.exe

Some background: I received a spam mail demanding that I pay an outstanding invoice of over 5000 € to Kuhn Versand. I looked the site up via Google and clicked on "Impressum" on the website; that is when the block appeared. I then ran a scan with Antivir, and the program did find something. Here is the log file:

Code:
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Sonntag, 2. September 2012 11:11

Es wird nach 4205569 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : ***
Seriennummer : 2212046140-ISECE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHARMIANATHOME

Versionsinformationen:
BUILD.DAT : 12.0.0.1128 48679 Bytes 18.07.2012 18:52:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 31.07.2012 08:38:36
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.06.2012 21:41:47
LUKE.DLL : 12.3.0.15 68304 Bytes 18.06.2012 21:42:07
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 18.06.2012 21:42:29
AVREG.DLL : 12.3.0.17 232200 Bytes 18.06.2012 21:42:28
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 11:47:38
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:47:48
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:20:45
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:10:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:46:58
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:02:04
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 13:02:04
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 13:02:04
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 13:02:04
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 13:02:04
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 13:02:04
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 13:02:04
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 13:02:04
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 13:02:05
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 19:09:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 08:41:29
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 21:34:45
VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 08:39:10
VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 07:02:28
VBASE019.VDF : 7.11.39.89 131072 Bytes 09.08.2012 15:30:03
VBASE020.VDF : 7.11.39.145 142336 Bytes 11.08.2012 19:30:03
VBASE021.VDF : 7.11.39.207 165888 Bytes 14.08.2012 16:06:37
VBASE022.VDF : 7.11.40.9 156160 Bytes 16.08.2012 18:37:57
VBASE023.VDF : 7.11.40.49 133120 Bytes 17.08.2012 20:19:08
VBASE024.VDF : 7.11.40.95 156160 Bytes 20.08.2012 14:34:43
VBASE025.VDF : 7.11.40.155 181760 Bytes 22.08.2012 08:34:58
VBASE026.VDF : 7.11.40.205 203264 Bytes 23.08.2012 13:03:01
VBASE027.VDF : 7.11.41.29 188416 Bytes 27.08.2012 20:18:40
VBASE028.VDF : 7.11.41.87 250368 Bytes 30.08.2012 10:36:12
VBASE029.VDF : 7.11.41.88 2048 Bytes 30.08.2012 10:36:12
VBASE030.VDF : 7.11.41.89 2048 Bytes 30.08.2012 10:36:12
VBASE031.VDF : 7.11.41.134 215040 Bytes 02.09.2012 09:10:03
Engineversion : 8.2.10.150
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 11:17:30
AESCRIPT.DLL : 8.1.4.46 455034 Bytes 24.08.2012 13:03:05
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 08:19:39
AESBX.DLL : 8.2.5.12 606578 Bytes 18.06.2012 10:47:55
AERDL.DLL : 8.1.9.15 639348 Bytes 18.09.2011 11:57:45
AEPACK.DLL : 8.3.0.32 811382 Bytes 24.08.2012 13:03:05
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 14:09:42
AEHEUR.DLL : 8.1.4.94 5230967 Bytes 30.08.2012 10:36:13
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 13:01:45
AEGEN.DLL : 8.1.5.36 434549 Bytes 24.08.2012 13:03:01
AEEXP.DLL : 8.1.0.84 90485 Bytes 30.08.2012 10:36:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 11:17:29
AECORE.DLL : 8.1.27.4 201078 Bytes 07.08.2012 10:39:27
AEBB.DLL : 8.1.1.0 53618 Bytes 05.01.2011 11:47:51
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.06.2012 21:41:28
AVPREF.DLL : 12.3.0.15 51920 Bytes 18.06.2012 21:41:47
AVREP.DLL : 12.3.0.15 179208 Bytes 18.06.2012 21:42:29
AVARKT.DLL : 12.3.0.15 211408 Bytes 18.06.2012 21:41:36
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.06.2012 21:41:38
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.06.2012 21:42:15
AVSMTP.DLL : 12.3.0.32 63992 Bytes 31.07.2012 08:38:36
NETNT.DLL : 12.3.0.15 17104 Bytes 18.06.2012 21:42:10
RCIMAGE.DLL : 12.3.0.31 4819704 Bytes 31.07.2012 08:38:35
RCTEXT.DLL : 12.3.0.31 100088 Bytes 31.07.2012 08:38:35

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 2. September 2012 11:11

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'EXCEL.EXE' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteTray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Evernote.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteClipper.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'PfuSsMon.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'CardLauncher.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SsWiaChecker.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '180' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3373' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Temp\jar_cache1333515056142189599.tmp
[0] Archivtyp: ZIP
--> xmltree/armin.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
--> xmltree/opkat.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\***\AppData\Local\Temp\jar_cache3137602177006505005.tmp
[0] Archivtyp: ZIP
--> eel.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CD
--> nit.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.BN.2
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
C:\Users\***\Downloads\avira_internet_security_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5596cc02.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache3137602177006505005.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.BN.2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d05e3b7.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache1333515056142189599.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f5ab95f.qua' verschoben!

Ende des Suchlaufs: Sonntag, 2. September 2012 15:45
Benötigte Zeit: 4:32:29 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

40655 Verzeichnisse wurden überprüft
893035 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
893030 Dateien ohne Befall
15720 Archive wurden durchsucht
1 Warnungen
3 Hinweise
523997 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Code:
OTL logfile created on: 02.09.2012 17:15:53 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Documents\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 48,85% Memory free
6,50 Gb Paging File | 4,70 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1139,55 Gb Free Space | 81,56% Space Free | Partition Type: NTFS

Computer Name: CHARMIANATHOME | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.02 14:02:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
PRC - [2012.08.30 08:54:47 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.08.14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.08.14 10:42:56 | 011,639,136 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\Evernote.exe
PRC - [2012.08.14 10:42:56 | 000,391,520 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteTray.exe
PRC - [2012.07.31 10:38:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 19:30:24 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.18 23:41:48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009.09.30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.30 08:54:47 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.31 09:35:18 | 021,007,360 | ---- | M] () -- C:\Programme\Evernote\Evernote\libcef.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.23 10:34:28 | 000,344,064 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009.10.15 10:02:00 | 000,233,472 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2008.11.12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2008.09.10 14:04:20 | 000,069,632 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
MOD - [2007.06.26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2003.03.26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll

========== Services (SafeList) ==========

SRV - [2012.08.30 08:54:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 10:58:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.01.25 00:57:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JUDITH~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.06.18 23:42:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.06.18 23:42:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.18 23:42:27 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.18 23:42:26 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.06.18 23:42:26 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.06.18 23:42:26 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 03:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2003.04.22 15:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 05 6D 1D 22 7A CD 01 [binary data]
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{6FDFE877-99EB-47A4-9D1A-F876293661E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.04.14 12:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.14 09:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]

[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions
[2011.07.10 11:49:36 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.17 19:56:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.08 12:32:24 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.23 11:58:17 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.04.26 14:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp
[2011.12.10 09:07:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\trash
[2012.09.01 02:25:13 | 000,002,533 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\searchplugins\diigo--google.xml
[2011.03.08 12:55:45 | 000,002,313 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\searchplugins\downloadhelper-safe-videos.xml
[2011.11.13 10:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.05 10:29:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.22 13:41:16 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.04.13 09:25:38 | 002,935,635 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI
[2012.08.25 09:01:35 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.07.12 10:39:49 | 000,223,394 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.08.12 19:23:51 | 000,246,802 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.07.02 08:53:52 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.08.30 08:54:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.14 07:33:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:54:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.14 07:33:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.14 07:33:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.14 07:33:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.14 07:33:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin:
Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Dragosien Resourcenindikatoren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmeegekipmnabmgkbdbenggnmgnbefm\1.0_0\ CHR - Extension: Diigo Bookmark, Archive, Highlight & Sticky-Note = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\1.6.3.5_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Programme\Yammer\Yammer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABE0942-33AB-42F7-BEA4-3076B88ABFB9}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.02 15:52:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe [2012.08.15 14:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.08.06 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\phenomedia 
[2012.08.06 17:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Remake [2010.06.26 16:16:40 | 016,527,250 | ---- | C] (Palm, Inc.) -- C:\Program Files\PalmDesktop41SP03DEU.exe ========== Files - Modified Within 30 Days ========== [2012.09.02 17:04:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job [2012.09.02 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.02 16:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.02 16:04:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job [2012.09.02 15:55:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.09.02 14:02:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe [2012.09.02 13:36:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.02 09:51:39 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 09:51:39 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 09:43:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.02 09:43:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 07:55:28 | 000,000,929 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk [2012.08.26 10:37:59 | 001,755,986 | ---- | M] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf [2012.08.22 13:16:55 | 000,627,715 | ---- | M] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf [2012.08.16 12:54:54 | 002,163,010 | ---- | M] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf 
[2012.08.16 12:54:08 | 000,471,310 | ---- | M] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf [2012.08.16 12:53:38 | 000,668,499 | ---- | M] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf [2012.08.16 12:51:32 | 000,052,433 | ---- | M] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf [2012.08.16 07:27:56 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.13 21:30:27 | 000,022,873 | ---- | M] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF [2012.08.07 12:01:04 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.07 12:01:04 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.07 12:01:04 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.07 12:01:04 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.06 17:11:08 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk ========== Files Created - No Company Name ========== [2012.09.02 15:55:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.26 10:33:09 | 001,755,986 | ---- | C] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf [2012.08.22 13:16:54 | 000,627,715 | ---- | C] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf [2012.08.16 12:44:59 | 000,471,310 | ---- | C] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf [2012.08.16 12:44:29 | 000,052,433 | ---- | C] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 
81_Grundbuch.pdf [2012.08.16 12:44:02 | 002,163,010 | ---- | C] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf [2012.08.16 12:43:38 | 000,668,499 | ---- | C] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf [2012.08.13 21:30:27 | 000,022,873 | ---- | C] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF [2012.08.06 17:11:04 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk [2012.01.24 23:25:05 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011.04.26 13:49:52 | 000,000,807 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.02.11 12:55:07 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI [2010.12.20 18:21:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.09.05 10:33:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.10 11:45:54 | 000,002,264 | ---- | C] () -- C:\Users\***\.powerupdate.user.properties [2010.08.05 15:30:52 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools [2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv [2012.09.02 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate [2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu [2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2011.03.20 13:25:09 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync [2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop [2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1 [2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google [2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU [2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE [2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2 [2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer [2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono [2012.06.03 12:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 02.09.2012 15:57:53 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\xxx\Documents\Canon\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 66,08% Memory free 6,50 Gb Paging File | 5,17 Gb Available in Paging File | 79,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1397,17 Gb Total Space | 1139,56 Gb Free Space | 81,56% Space Free | Partition Type: NTFS Computer Name: CHARMIANATHOME | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{25B67894-2B5A-4B99-9279-3F758C110F99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B0400AE-4D10-4779-BAD2-0F9837D0DB2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49108FD2-058C-4787-96F2-D1A9A735655A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{602D20F8-FA9A-46BD-9F3E-70005D271A3A}" = rport=138 | protocol=17 | dir=out | app=system | "{639C176E-091D-4C71-BE65-8D345D774EB0}" = lport=137 | protocol=17 | dir=in | app=system | "{66A1ECB7-1460-452E-A6D4-4BD43E6B9016}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6D8F2C53-237B-458D-9EE9-B39A1FBE54B2}" = 
lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6F9D3FE3-0BF0-4269-9B97-8650E43EA656}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{709EE42E-92B8-463B-81EF-C963F715F664}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B5AD23B-3DF0-4D32-9BE1-795FF3CDE24A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87A985EA-1461-4838-8D37-CDEE81F34CBC}" = lport=2869 | protocol=6 | dir=in | app=system | "{9900E08E-9A8F-4147-9D0D-1279E307FEFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A76940BE-358A-4434-8EA6-B212FB2C793F}" = lport=139 | protocol=6 | dir=in | app=system | "{B1AEA28E-AFDD-4BCF-B250-D21AB059739A}" = rport=445 | protocol=6 | dir=out | app=system | "{B4FFB84E-3FA3-472D-89A8-0AF843DDD934}" = rport=10243 | protocol=6 | dir=out | app=system | "{BE048F70-4845-48CC-9F12-0C0CB29C22B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CBDA0035-4950-4776-91A8-DF441957ED37}" = rport=139 | protocol=6 | dir=out | app=system | "{D01B383F-DF89-4690-B6D8-E0AFA8D27EB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D10F5169-9E25-4CDE-A195-A444F74E70A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D312C754-C405-4457-AD1E-22608F1B190F}" = lport=10243 | protocol=6 | dir=in | app=system | "{D3E100CB-2CED-44AD-865C-F88CCA6374D6}" = rport=137 | protocol=17 | dir=out | app=system | "{E03CD8B9-A17C-40EA-A164-A966E63022BF}" = lport=445 | protocol=6 | dir=in | app=system | "{EF573063-0330-4AA3-AF89-5A49D0E023A3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05A9ECE2-15C1-48C5-85BE-620336DD56A2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0B8FE1A7-2510-46EF-9317-57EE9D4D56DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{109D230B-F242-4367-A5C2-F39DBF64C1D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{19758405-2B1D-4E52-AF47-EE3597A257A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D04B79A-067F-42A7-8593-0F93898727EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2A53F95E-46F6-436A-ACE8-F41ABAAFB520}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{369BC984-B2ED-4411-9404-08277BBB2405}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{470BABAD-FD1C-4962-9CAD-970526772999}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{483684CB-E2F8-485F-B1ED-90885CE84618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{69F925F3-378E-4974-B37E-D57C5D1D6583}" = protocol=6 | dir=out | app=system | "{6C06E710-2C5D-4C19-A9D6-7A99D722D196}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FEAD8CE-A37E-43B8-B0C2-54E6581217E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9050A77C-724B-48C0-822A-AF8E0CF088BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{98C24B25-BB6D-4EB1-93AD-808183A41755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A837037B-3EC6-4CB3-AE06-42CBE3EC0FE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B6013B50-751E-45E9-B3A9-355307A0A162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B9AB03BD-5D48-4887-B708-00F15240EE0E}" = protocol=17 | dir=in | 
app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{C859F6A5-7C10-4BFC-B30D-1BF1DF417B43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF698427-FA65-40AC-901C-971C7D7ED87E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{E19A95B3-63DC-445A-ADEB-487A77ECEEA0}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{E3925394-2FEC-49E8-B111-2D71BAEB6C55}" = dir=in | app=c:\program files\itunes\itunes.exe | "{E40413D9-EB16-48A1-8F7D-297AFF006D69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EBE0392C-E82B-47AF-A79A-95CFF7A396F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F02FEB17-36E6-4F4D-989F-00BC65A53BE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F9FCC044-B571-4818-B2D7-7A38D8239BF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{078500FA-82F7-4E47-B8A0-7CCB6A8C6CC3}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{2402836B-5610-402E-BB83-BCEB1861F0E8}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "TCP Query User{6914A0D7-EE07-416A-A947-89B4358AC32E}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | "TCP Query User{A597A3E7-C023-4E68-B96B-719D59278D4A}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{1704B021-0D97-48C1-8117-E98C7C8D01BE}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{2B95394F-DB36-48CD-B104-494370777A77}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | 
app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4CAD67F1-A22E-43CA-824E-F1C7834324A4}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{7D746085-27C6-4044-AFAA-1AF42BB476EA}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}" = ScanSnap "{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}" = Gapminder Desktop "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{33288D2D-FDA1-449C-B226-7ABBBA342EEA}" = Dba2Csv "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake "{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility "{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}" = ScanSnap Organizer "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6F51CDE0-1391-878A-C593-BD340AD9D0DE}" = TweetDeck "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7FF95752-5AD1-4C4A-9785-FAB80E499BB2}_is1" = Wimpomat 2.9 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese "{8DCD0779-8811-4060-9227-871E2FD48E45}" = CardMinder V4.1 "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish "{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian "{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch "{A81EB5BC-F764-308A-B979-0F8F078DAB29}" = Yammer "{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All "{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver "{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation "{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English "{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian "{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder "{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New "{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 
4.5.8 "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer "{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish "{FB400000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 4.1 "{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Internet Security 2012 "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "Finanzplan in Excel Version 3.2.02" = Finanzplan in Excel Version 3.2.02 "FormatFactory" = FormatFactory 2.60 "Free Studio_is1" = Free Studio version 5.0.4 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02 "Inkscape" = Inkscape 0.47 "IrfanView" = IrfanView (remove only) "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla 
Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1" = Gapminder Desktop "Totalcmd" = Total Commander (Remove or Repair) "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "Uninstall_is1" = Uninstall 1.0.0.1 "WEB.DE Club SmartFax" = WEB.DE Club SmartFax "WinGimp-2.0_is1" = GIMP 2.6.11 "Xilisoft iPad Magic" = Xilisoft iPad Magic "Yammer" = Yammer "Yoono Desktop_is1" = Yoono Desktop 1.8.16 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9033 Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9033 Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10031 Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10031 Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.12.2011 10:12:57 | Computer Name = 
charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11029 Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11029 Error - 12.12.2011 10:12:58 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ OSession Events ] Error - 08.10.2011 09:08:51 | Computer Name = charmianathome | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 09.07.2012 15:37:28 | Computer Name = charmianathome | Source = BROWSER | ID = 8032 Description = Error - 13.07.2012 03:58:37 | Computer Name = charmianathome | Source = DCOM | ID = 10010 Description = Error - 14.07.2012 03:46:18 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.07.2012 18:23:23 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 05.08.2012 14:38:59 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 05.08.2012 14:39:29 | Computer Name = charmianathome | Source = DCOM | ID = 10010 Description = Error - 07.08.2012 05:59:48 | Computer Name = charmianathome | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 09.08.2012 03:58:52 | Computer Name = charmianathome | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 13.08.2012 17:45:28 | Computer Name = charmianathome | Source = Microsoft-Windows-Eventlog | ID = 23 Description = Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=32) beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-LanguagePackSetup/Operational" erkannt. Error - 31.08.2012 03:10:01 | Computer Name = charmianathome | Source = DCOM | ID = 10010 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-03 08:43:20 Windows 6.1.7601 Service Pack 1 Running: t3x65s7e.exe; Driver: C:\Users\JUDITH~1\AppData\Local\Temp\kwlcqpob.sys ---- System - GMER 1.0.15 ---- SSDT 91C884F6 ZwCreateSection SSDT 91C884CE ZwCreateSymbolicLinkObject SSDT 91C884D3 ZwLoadDriver SSDT 91C884C9 ZwOpenSection SSDT 91C88500 ZwRequestWaitReplyPort SSDT 91C884FB ZwSetContextThread SSDT 91C88505 ZwSetSecurityObject SSDT 91C884D8 ZwSetSystemInformation SSDT 91C8850A ZwSystemDebugControl SSDT 91C88497 ZwTerminateProcess SSDT 91C88492 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E453C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E85EAC 4 Bytes [F6, 84, C8, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82E85EB4 4 Bytes [CE, 84, C8, 91] {INTO ; TEST AL, CL; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82E85FC8 4 Bytes [D3, 84, C8, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82E86064 4 Bytes [C9, 84, C8, 91] {LEAVE ; TEST AL, CL; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E86208 4 Bytes [00, 85, C8, 91] .text ... 
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x9223B000, 0x2D293E, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH) AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f607f0a8 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f607f0a8 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- I would be very glad if someone could help me. Many thanks in advance and kind regards Judith |
04.09.2012, 20:43 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe Please first run a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan! Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
Please post everything here in CODE tags if at all possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
05.09.2012, 08:53 | #3 |
| Antivir blocks mor.exe Hello Cosinus,
thank you very much for the reply. What I forgot in my first post: as instructed, I also downloaded Defogger and pressed the Disable button there, in case that matters. Here are the requested logfiles. I noticed that Softonic shows up in them too; I have learned here on the forum that one should not use it, and I will not do so again... Old Malwarebytes logfile (from February 2012) Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.06.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: CHARMIANATHOME [Administrator] 06.02.2012 22:28:11 mbam-log-2012-02-06 (22-28-11).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 472771 Laufzeit: 1 Stunde(n), 23 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.09.04.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: CHARMIANATHOME [Administrator] 04.09.2012 22:47:55 mbam-log-2012-09-04 (22-47-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 577234 Laufzeit: 3 Stunde(n), 39 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=12c10ae235a54f43bedcd176919a85c0 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-05 07:35:26 # local_time=2012-09-05 09:35:26 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 6735972 6735972 0 0 # compatibility_mode=5893 16776574 100 94 39186116 98453098 0 0 # compatibility_mode=8192 67108863 100 0 410 410 0 0 # scanned=392534 # found=15 # cleaned=0 # scan_time=8618 C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Local\Temp\Xilisoft FileBulldog.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A 
application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe probably a variant of Win32/Adware.DWTYODG application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\SoftonicDownloader42591.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I Judith |
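The ESET log above lists 15 detections that the online scanner reported as "unable to clean". As an added example that is not part of this thread, the following Python script parses that log format and reports where each hit lives (an installed component under Program Files or ProgramData, a leftover installer in Downloads or Temp, or a browser profile), so a helper can see at a glance which entries still need manual removal. The regular expressions and location categories are my own assumptions about the layout; the sample lines are the ones from the post, with the user name masked as *** as in the post.

```python
"""Summarise an ESET Online Scanner log of the kind posted in this thread.
Added example; regexes and location categories are assumptions about the
log layout derived from the lines quoted in the thread."""
import re
from collections import Counter

# Header lines look like "# found=15"; detection lines look like
#   <path> <detection name> <type> (<action>) <32 hex chars> <flag>
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?[\w-]+/\S+)\s+"
    r"(?P<kind>.+?)\s+\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)
# ESET appends a one- to three-letter variant suffix (".A", ".NKE") to a family name.
VARIANT_RE = re.compile(r"\.[A-Z]{1,3}$")

# Where a hit sits on disk says whether the adware is actually installed or is
# only a leftover installer. First matching rule wins, so order matters.
LOCATION_RULES = [
    ("browser profile", re.compile(r"\\(Mozilla\\Firefox\\Profiles|Google\\Chrome\\User Data)\\", re.I)),
    ("temp", re.compile(r"\\AppData\\Local\\Temp(DIR)?\\", re.I)),
    ("downloads", re.compile(r"\\Downloads\\", re.I)),
    ("installed", re.compile(r"^[A-Za-z]:\\(Program Files|ProgramData)\\", re.I)),
]


def canonical_path(path: str) -> str:
    """C:\\Users\\All Users is a junction to C:\\ProgramData on Vista and later, so
    the scanner lists the same file twice; fold both spellings together."""
    return re.sub(r"^([A-Za-z]:)\\Users\\All Users\\", r"\1\\ProgramData\\", path, flags=re.I)


def family(name: str) -> str:
    base = name.replace("probably ", "").replace("a variant of ", "")
    return VARIANT_RE.sub("", base)


def location(path: str) -> str:
    for label, rule in LOCATION_RULES:
        if rule.search(path):
            return label
    return "other"


def parse_eset_log(text: str):
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            d = m.groupdict()
            d["canonical"] = canonical_path(d["path"])
            d["family"] = family(d["name"])
            d["location"] = location(d["canonical"])
            detections.append(d)
    return header, detections


def summarize(header: dict, detections: list) -> dict:
    found = int(header.get("found", len(detections)))
    uncleaned = [d for d in detections if "unable to clean" in d["action"]]
    return {
        "found": found,
        "parsed": len(detections),
        "consistent": found == len(detections),  # every "found" entry accounted for?
        "unique_files": len({d["canonical"] for d in detections}),
        "uncleaned": len(uncleaned),
        "by_family": dict(Counter(d["family"] for d in detections)),
        "by_location": dict(Counter(d["location"] for d in detections)),
    }


# Header excerpt and the 15 detection lines from the ESET log posted above.
SAMPLE_LOG = r"""
# found=15
# cleaned=0
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\Xilisoft FileBulldog.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe probably a variant of Win32/Adware.DWTYODG application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader42591.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    hdr, hits = parse_eset_log(SAMPLE_LOG)
    for key, value in summarize(hdr, hits).items():
        print(f"{key}: {value}")
```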
05.09.2012, 14:26 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe Code:
ATTFilter C:\Users\***\Downloads\SoftonicDownloader42591.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I Hands off Softonic!! Softonic is a toolbar and adware spreader! Hands off! Software is downloaded, as a top priority, directly from the vendor and not from toolbar shops like Softonic! In an emergency chip.de would of course do. adwCleaner - detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
__________________ Please always post logfiles in CODE tags |
05.09.2012, 15:23 | #5 |
| Antivir blocks mor.exe here is the AdwCleaner logfile: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/05/2012 um 16:17:48 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : *** - CHARMIANATHOME # Normaler Modus : Normal # Ausgeführt unter : C:\Users\***\Documents\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\Yontoo Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\***\AppData\Local\TempDir Ordner Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gefunden : HKLM\Software\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v21.0.1180.89 Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3476 octets] - [05/09/2012 16:17:48] ########## EOF - C:\AdwCleaner[R1].txt - [3536 octets] ########## |
05.09.2012, 15:36 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe adwCleaner - remove toolbars and unwanted start/search pages
__________________ --> Antivir blocks mor.exe |
05.09.2012, 15:59 | #7 |
| Antivir blocks mor.exe here comes the AdwCleaner log file: Code:
ATTFilter # AdwCleaner v2.000 - Datei am 09/05/2012 um 16:50:30 erstellt # Aktualisiert am 30/08/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : *** - CHARMIANATHOME # Normaler Modus : Normal # Ausgeführt unter : C:\Users\***\Documents\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Yontoo Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\***\AppData\Local\TempDir Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\Software\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\prefs.js C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. -\\ Google Chrome v21.0.1180.89 Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3605 octets] - [05/09/2012 16:17:48] AdwCleaner[S1].txt - [3901 octets] - [05/09/2012 16:50:30] ########## EOF - C:\AdwCleaner[S1].txt - [3961 octets] ########## |
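AdwCleaner was run twice above: first in search mode ([Suche], post #5) and then in delete mode ([Löschen], post #7). As an added example, not part of the thread, this Python script cross-checks the two logs so that anything reported as found but not reported as deleted is surfaced for a second look. The sample logs are excerpts of the ones posted, plus one constructed registry key (clearly labelled) in the search log to show the check firing.

```python
"""Cross-check an AdwCleaner search log against the delete log from the same run.
Added example; the line format is assumed from the logs posted in this thread."""
import re

# Items of interest look like "Ordner Gefunden : <path>" or "Schlüssel Gelöscht : <key>".
ITEM_RE = re.compile(
    r"^(?P<kind>Ordner|Datei|Schlüssel|Wert)\s+(?P<state>Gefunden|Gelöscht)\s*:\s*(?P<item>.+?)\s*$"
)


def parse_items(log: str, state: str) -> set:
    """Return the set of (kind, item) pairs reported with the given state."""
    items = set()
    for line in log.splitlines():
        m = ITEM_RE.match(line.strip())
        if m and m["state"] == state:
            # Windows paths and registry keys are case-insensitive, so normalise
            # before comparing (HKLM\Software\X and HKLM\SOFTWARE\X are the same key).
            items.add((m["kind"], m["item"].casefold()))
    return items


def compare_runs(search_log: str, delete_log: str) -> dict:
    found = parse_items(search_log, "Gefunden")
    deleted = parse_items(delete_log, "Gelöscht")
    return {
        "found": len(found),
        "deleted": len(deleted),
        "leftover": sorted(found - deleted),    # found but never deleted: follow up
        "unexpected": sorted(deleted - found),  # deleted without a prior finding
    }


# Excerpts of the two logs posted above; the last search line is constructed.
SEARCH_LOG = r"""
# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:17:48 erstellt
# Option [Suche]
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files\Yontoo
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\***\AppData\Local\TempDir
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\Software\Tarma Installer
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CONSTRUCTED-LEFTOVER}
"""

DELETE_LOG = r"""
# AdwCleaner v2.000 - Datei am 09/05/2012 um 16:50:30 erstellt
# Option [Löschen]
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\***\AppData\Local\TempDir
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
"""

if __name__ == "__main__":
    for key, value in compare_runs(SEARCH_LOG, DELETE_LOG).items():
        print(f"{key}: {value}")
```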
06.09.2012, 10:18 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe
Two quick questions before we go on:
1.) Does Windows' normal mode work without restriction (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
06.09.2012, 13:59 | #9 |
| Antivir blocks mor.exe
Re 1: Fortunately, Windows has always worked without restriction.
Re 2: Everything is present in the Start menu, as far as I can see. |
06.09.2012, 15:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe
Please make a new OTL log. Please post everything here in CODE tags wherever possible. It is done like this:
[code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by OldTimer and save it to your desktop. If it is already there, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
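The /md5start ... /md5stop block in the OTL scan above asks the tool to hash a fixed list of logon binaries (wininit.exe, userinit.exe, winlogon.exe) and storage miniport drivers (atapi.sys, iaStor.sys, nvstor.sys and the rest), because the kernel-mode rootkits of that period infected the system by overwriting one of those files in place rather than by adding a new one; a hash that does not match a clean copy at the same patch level is the tell. The script below is an added example written for this page, not part of the thread or of OTL: it reproduces the idea in plain Python by checking a directory against a known-good manifest and reporting OK, MODIFIED, MISSING or UNKNOWN per file. The files and the manifest are constructed in a temporary directory so it runs anywhere; real use would point it at %SystemRoot%\System32 with a manifest recorded from a clean, identically patched machine (an assumption this example makes, since hashes of Microsoft binaries change with every update). It uses SHA-256 rather than OTL's MD5 because MD5 collisions are cheap for whoever controls both files.

```python
"""Check system files against a known-good hash manifest (OTL /md5start in plain Python).

Added example; not from the thread or from OTL. Files and baseline are constructed
in a temp directory. FILE_NAMES is taken from the OTL directive posted above.
"""
import hashlib
import os
import tempfile

FILE_NAMES = ["wininit.exe", "userinit.exe", "winlogon.exe", "atapi.sys", "iaStor.sys"]


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large drivers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_manifest(manifest, root, names):
    """Return {name: status}; status is OK, MODIFIED, MISSING or UNKNOWN.

    manifest maps file name -> expected SHA-256 hex digest (the clean baseline).
    UNKNOWN means the file exists but the baseline has no entry for it, which on
    a real system deserves a look of its own.
    """
    result = {}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.exists(path):
            result[name] = "MISSING"
            continue
        expected = manifest.get(name)
        if expected is None:
            result[name] = "UNKNOWN"
        elif sha256_of(path) == expected:
            result[name] = "OK"
        else:
            result[name] = "MODIFIED"
    return result


def run_demo():
    """Constructed scenario: one patched driver, one missing file, one file outside the baseline."""
    with tempfile.TemporaryDirectory() as root:
        clean = {n: b"clean contents of " + n.encode() for n in FILE_NAMES}
        manifest = {n: hashlib.sha256(data).hexdigest() for n, data in clean.items()}
        for name, data in clean.items():
            if name == "iaStor.sys":
                continue                      # simulate a file that is not on disk
            if name == "atapi.sys":
                data += b"\x90\x90"           # simulate an in-place patched driver
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        with open(os.path.join(root, "extra.sys"), "wb") as f:
            f.write(b"not in the baseline")   # present on disk, absent from manifest
        return check_manifest(manifest, root, FILE_NAMES + ["extra.sys"])


if __name__ == "__main__":
    for name, status in run_demo().items():
        print(f"{status:9s} {name}")
```

Two caveats a practitioner would add: a hash baseline is only as good as the machine it was recorded on, and a rootkit that hooks the file system (which is what the /lockedfiles switches in the OTL scan are probing for) can feed the clean bytes to any user-mode hasher, OTL included, so a mismatch is strong evidence but a match is not proof. On Windows the stronger check for Microsoft binaries is the Authenticode signature (sigcheck, or Get-AuthenticodeSignature in PowerShell), which needs no baseline at all.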
06.09.2012, 17:48 | #11 |
| Antivir blocks mor.exe Here comes the log: Code:
ATTFilter OTL logfile created on: 06.09.2012 17:59:10 - Run 4 OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\***\Documents\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 81,18% Memory free 6,50 Gb Paging File | 5,38 Gb Available in Paging File | 82,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1397,17 Gb Total Space | 1138,73 Gb Free Space | 81,50% Space Free | Partition Type: NTFS Computer Name: CHARMIANATHOME | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.06 17:54:11 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe PRC - [2012.08.14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe PRC - [2012.07.31 10:38:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.19 19:30:24 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe PRC - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.06.18 23:41:48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\CardMinder\CardLauncher.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.12.01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe PRC - [2009.09.30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe ========== Modules (No Company Name) ========== MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.11.23 10:34:28 | 000,344,064 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsConfig.dll MOD - [2009.10.15 10:02:00 | 000,233,472 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsExtention.dll MOD - [2008.11.12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\CardPath.dll MOD - [2008.09.10 14:04:20 | 000,069,632 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll MOD - [2007.06.26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\SSsltsa.dll MOD - [2003.03.26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll ========== Services (SafeList) ========== SRV - [2012.09.03 15:40:27 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.30 08:54:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.18 
23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012.01.25 00:57:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- 
C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JUDITH~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - [2012.06.18 23:42:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.06.18 23:42:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.06.18 23:42:27 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.06.18 23:42:26 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2012.06.18 23:42:26 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2012.06.18 23:42:26 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.09.22 15:34:44 | 000,579,072 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2009.06.05 03:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2003.04.22 15:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - 
HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 05 6D 1D 22 7A CD 01 [binary data] IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{6FDFE877-99EB-47A4-9D1A-F876293661E1}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0 FF - prefs.js..extensions.enabledAddons: lazarus@interclue.com:2.3 FF - prefs.js..extensions.enabledAddons: readable@evernote.com:6.3337.321.777 FF - prefs.js..extensions.enabledAddons: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - 
prefs.js..extensions.enabledAddons: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.7.10 FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.1.0.252437 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.0 FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106 FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1 FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23 FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.04.14 12:19:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.14 09:43:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M] [2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.09.05 16:50:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions [2011.07.10 11:49:36 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.04.17 19:56:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.06.08 12:32:24 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2012.05.23 11:58:17 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2011.04.26 14:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp [2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\trash [2012.07.12 10:39:49 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\isreaditlater@ideashower.com.xpi [2011.08.12 19:23:51 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\lazarus@interclue.com.xpi [2012.07.02 08:53:52 | 000,382,926 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\readable@evernote.com.xpi [2012.08.30 15:15:12 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.07.25 23:14:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.22 13:41:16 | 000,138,614 | ---- | M] () (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.04.13 09:25:38 | 002,935,635 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi [2012.08.25 09:01:35 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.08.01 09:30:19 | 000,194,632 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\extensions\trash\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.09.01 02:25:13 | 000,002,533 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\searchplugins\diigo--google.xml [2011.03.08 12:55:45 | 000,002,313 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\bu1cut1c.default\searchplugins\downloadhelper-safe-videos.xml [2011.11.13 10:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.05 10:29:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.08.30 08:54:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.14 07:33:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 08:54:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.14 07:33:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.14 07:33:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.14 07:33:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\wikipedia-de.xml [2012.05.14 07:33:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Dragosien Resourcenindikatoren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmeegekipmnabmgkbdbenggnmgnbefm\1.0_0\ CHR - Extension: Diigo Bookmark, Archive, Highlight & Sticky-Note = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\1.6.3.5_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Programme\Yammer\Yammer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABE0942-33AB-42F7-BEA4-3076B88ABFB9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: HotSync - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DDEBB37-EF4B-B65D-718F-9FE2382B3287} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.09.05 07:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.05 07:03:06 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Documents\Desktop\esetsmartinstaller_enu.exe
[2012.09.05 03:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.05 03:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.03 15:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.09.02 14:02:17 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
[2012.08.15 14:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2010.06.26 16:16:40 | 016,527,250 | ---- | C] (Palm, Inc.) -- C:\Program Files\PalmDesktop41SP03DEU.exe

========== Files - Modified Within 30 Days ==========
[2012.09.06 18:04:05 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job
[2012.09.06 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.06 17:54:11 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
[2012.09.06 17:36:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.06 17:36:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.06 16:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job
[2012.09.06 07:18:18 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 07:18:18 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.06 07:11:36 | 000,000,929 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk
[2012.09.06 07:10:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.06 07:10:37 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.05 16:13:12 | 000,511,265 | ---- | M] () -- C:\Users\***\Documents\Desktop\adwcleaner.exe
[2012.09.05 07:02:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Documents\Desktop\esetsmartinstaller_enu.exe
[2012.09.05 03:01:41 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.04 22:41:36 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.03 08:13:46 | 000,302,592 | ---- | M] () -- C:\Users\***\Documents\Desktop\t3x65s7e.exe
[2012.09.02 15:55:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.26 10:37:59 | 001,755,986 | ---- | M] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf
[2012.08.22 13:16:55 | 000,627,715 | ---- | M] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf
[2012.08.16 12:54:54 | 002,163,010 | ---- | M] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf
[2012.08.16 12:54:08 | 000,471,310 | ---- | M] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf
[2012.08.16 12:53:38 | 000,668,499 | ---- | M] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf
[2012.08.16 12:51:32 | 000,052,433 | ---- | M] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf
[2012.08.16 07:27:56 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.13 21:30:27 | 000,022,873 | ---- | M] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF

========== Files Created - No Company Name ==========
[2012.09.05 16:13:11 | 000,511,265 | ---- | C] () -- C:\Users\***\Documents\Desktop\adwcleaner.exe
[2012.09.03 08:13:45 | 000,302,592 | ---- | C] () -- C:\Users\***\Documents\Desktop\t3x65s7e.exe
[2012.09.02 15:55:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.26 10:33:09 | 001,755,986 | ---- | C] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf
[2012.08.22 13:16:54 | 000,627,715 | ---- | C] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf
[2012.08.16 12:44:59 | 000,471,310 | ---- | C] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf
[2012.08.16 12:44:29 | 000,052,433 | ---- | C] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf
[2012.08.16 12:44:02 | 002,163,010 | ---- | C] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf
[2012.08.16 12:43:38 | 000,668,499 | ---- | C] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf
[2012.08.13 21:30:27 | 000,022,873 | ---- | C] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF
[2012.01.24 23:25:05 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011.04.26 13:49:52 | 000,000,807 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.02.11 12:55:07 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2010.12.20 18:21:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.09.05 10:33:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.10 11:45:54 | 000,002,264 | ---- | C] () -- C:\Users\***\.powerupdate.user.properties
[2010.08.05 15:30:52 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========
[2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools
[2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv
[2012.09.06 07:11:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate
[2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.03.20 13:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop
[2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google
[2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU
[2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2
[2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer
[2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono
[2012.06.03 12:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.02.07 12:22:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.10.16 16:05:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.06.27 14:10:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcsoft
[2010.06.26 11:58:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2012.06.19 08:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools
[2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv
[2012.09.06 07:11:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate
[2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu
[2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.03.20 13:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync
[2010.06.26 11:12:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape
[2011.02.11 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.06.26 12:58:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.02.06 23:13:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.05.08 21:07:38 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop
[2010.06.26 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1
[2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google
[2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU
[2012.09.05 06:56:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.06.08 00:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE
[2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2
[2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer
[2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono

< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.08.29 07:20:49 | 000,053,664 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.27 13:57:21 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{33288D2D-FDA1-449C-B226-7ABBBA342EEA}\_2AF17B85DA90EC7D8E5141.exe
[2010.06.27 13:57:21 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{33288D2D-FDA1-449C-B226-7ABBBA342EEA}\_6C443FAACDF7E52BC0A168.exe
[2010.06.27 13:57:21 | 000,004,286 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{33288D2D-FDA1-449C-B226-7ABBBA342EEA}\_6FEFF9B68218417F98F549.exe
[2010.06.26 11:55:09 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}\ARPPRODUCTICON.exe
[2010.06.26 16:19:22 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7DBBC522-F642-4D6C-A03F-22E49EB63437}\ARPPRODUCTICON.exe
[2010.06.26 16:19:22 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{7DBBC522-F642-4D6C-A03F-22E49EB63437}\PalmDesktopShortcut.exe
[2011.03.01 09:59:14 | 000,034,592 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp\content\getPlus_registrar.exe
[2012.02.09 10:05:08 | 048,342,589 | ---- | M] () -- C:\Users\***\AppData\Roaming\Xilisoft\iPad Magic\x-ipad-magic.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft 
Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < End of report > |
06.09.2012, 20:30 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe
Hm, there is still toolbar junk in there. Please download the current adwCleaner, i.e. delete the old adwcleaner and download it again.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags
06.09.2012, 22:56 | #13
Antivir blocks mor.exe
Here is the new AdwCleaner log Code:
# AdwCleaner v2.000 - Datei am 09/06/2012 um 23:54:38 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - CHARMIANATHOME
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\***\Documents\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v21.0.1180.89

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3605 octets] - [05/09/2012 16:17:48]
AdwCleaner[S1].txt - [4030 octets] - [05/09/2012 16:50:30]
AdwCleaner[R2].txt - [1062 octets] - [06/09/2012 23:54:38]

########## EOF - C:\AdwCleaner[R2].txt - [1122 octets] ##########
07.09.2012, 10:58 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Antivir blocks mor.exe
Run an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Note: If you have obscured your username, you must turn the starred-out part back into your real username, otherwise the script will not work!!
Code:
:OTL
FF - user.js - File not found
[2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
:Files
C:\Program Files\Yontoo
C:\ProgramData\Tarma Installer
C:\Users\All Users\Tarma Installer
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com
C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe
C:\Users\***\Downloads\SoftonicDownloader42591.exe
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
The entries, files and folders fixed with this script are not deleted completely; as a precaution a backup copy is created on the system partition in the "_OTL" folder.
Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
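An added triage helper, not from this thread or from OTL itself, that scans OTL report lines for the three kinds of entries the fix script above removes (an orphaned O4 Run value, the O32 CD-ROM AutoRun flag and an O33 MountPoints2 AutoRun command) and lists them as a ":OTL" block for review; the sample lines are constructed from the script above plus one hypothetical benign entry that must not be flagged.

```python
import re
from dataclasses import dataclass

@dataclass
class Finding:
    kind: str    # OTL section prefix (O4, O32, O33)
    reason: str  # why the line is worth removing
    line: str    # the scan line, which is also what goes under :OTL in a fix

# Constructed sample: the scan lines from the fix script in this thread plus
# one benign O4 entry (hypothetical) that must not be flagged.
SAMPLE_LOG = r"""O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun
O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
"""

O4_RUN = re.compile(r'^O4 - \S+?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$')
O32_CDROM = re.compile(r'^O32 - HKLM CDRom: AutoRun - (?P<value>\d)$')
O33_CMD = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command'
                     r' - "" = (?P<cmd>.+)$')

def triage(log_text: str) -> list[Finding]:
    """Return the scan lines that match the three persistence patterns."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if (m := O4_RUN.match(line)) and m['target'] == 'File not found':
            # Orphaned Run value: nothing left to launch, but it is residue
            # of something that was removed and has no business in HKLM.
            findings.append(Finding('O4', f"Run value [{m['name']}] points at a missing file", line))
        elif (m := O32_CDROM.match(line)) and m['value'] == '1':
            findings.append(Finding('O32', 'CD-ROM AutoRun is enabled', line))
        elif m := O33_CMD.match(line):
            # MountPoints2 remembers an AutoRun command per volume; this one
            # would start an executable from a removable drive when opened.
            drive = re.match(r'([A-Za-z]):\\', m['cmd'])
            where = f"drive {drive.group(1).upper()}:" if drive else 'an unknown location'
            findings.append(Finding('O33', f"volume {m['guid']} launches {m['cmd']} from {where}", line))
    return findings

def fix_block(findings: list[Finding]) -> str:
    """Render the findings as an ':OTL' block, one scan line per entry."""
    return ':OTL\n' + '\n'.join(f.line for f in findings)
```

The rendered block is meant to be read against the full scan before anything is pasted into OTL; the "Shell" default value and the ":Files" section of the thread's script are outside what this helper covers.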
07.09.2012, 12:08 | #15
Antivir blocks mor.exe
"all processes killed" sounds good... Here is the OTL fix log: Code:
All processes killed
========== OTL ==========
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6c56a7de-390a-11e1-9208-4061869a0bfa}\ not found.
File H:\AUTORUN.EXE not found.
========== FILES ==========
File\Folder C:\Program Files\Yontoo not found.
File\Folder C:\ProgramData\Tarma Installer not found.
File\Folder C:\Users\All Users\Tarma Installer not found.
File\Folder C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com not found.
C:\Users\***\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe moved successfully.
C:\Users\***\Downloads\SoftonicDownloader42591.exe moved successfully.
C:\Users\***\Downloads\SoftonicDownloader_for_pivot-stickfigure-animator.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Documents\Desktop\cmd.bat deleted successfully.
C:\Users\***\Documents\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 776080596 bytes
->Temporary Internet Files folder emptied: 265112673 bytes
->Java cache emptied: 36 bytes
->FireFox cache emptied: 1091528818 bytes
->Google Chrome cache emptied: 9363819 bytes
->Flash cache emptied: 188837 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 167149062 bytes
RecycleBin emptied: 5840243106 bytes
Total Files Cleaned = 7.772,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.0 log created on 09072012_121450
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...