
Pests of all kinds and how to fight them: Firefox has viruses in its fur

26.12.2012, 21:53   #31
Katrin Grabe
 
My next suggestion would be to uninstall Firefox completely once more and to use the current version rather than a beta. I installed the beta because the Update Checker had recommended it to me :/

26.12.2012, 21:54   #32
ryder
/// TB Trainer
 
No, that has nothing to do with it.

26.12.2012, 22:31   #33
Katrin Grabe
 
OK, here is the OTL.TXT:
(Note: Say, I never installed this weird Amazon for Desktop thing or whatever it is, though.)

Code:
OTL logfile created on: 26.12.2012 21:56:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Windows 7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 76,56% Memory free
9,74 Gb Paging File | 8,96 Gb Available in Paging File | 91,98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 190,88 Gb Free Space | 82,00% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 52,45 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive F: | 13,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Windows 7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Stickies\shook70.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013\WNt500x86\Sandra.sys File not found
DRV - (DigiNet) -- system32\DRIVERS\diginet.sys File not found
DRV - (catchme) -- C:\Users\WINDOW~1\AppData\Local\Temp\catchme.sys File not found
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc.              )
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 74 2A D2 9B 85 CC 01  [binary data]
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\..\SearchScopes\{F3D27D94-9B5A-464E-98D7-BF88A0D63F86}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2494939295-118947492-3605075000-1007\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com"
FF - prefs.js..extensions.enabledAddons: twitternotifier%40naan.net:2.5.2
FF - prefs.js..extensions.enabledAddons: %7BC0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9%7D:0.7.2
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: google%40hitachi.com:0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_108.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.26 14:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.24 22:42:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.15 17:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.12.24 22:43:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 18.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.11.22 22:12:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Extensions
[2012.12.26 13:51:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Firefox\Profiles\uwyw5m4j.default\extensions
[2012.09.27 17:18:27 | 000,000,000 | ---D | M] (Echofon) -- C:\Users\Windows 7\AppData\Roaming\mozilla\Firefox\Profiles\uwyw5m4j.default\extensions\twitternotifier@naan.net
[2012.12.26 00:50:47 | 000,368,105 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\google@hitachi.com.xpi
[2012.12.24 22:42:41 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.08.29 20:16:47 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.10.03 20:20:46 | 000,202,016 | ---- | M] () (No name found) -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
[2012.12.26 01:04:00 | 000,005,998 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\discogs.xml
[2012.12.26 00:56:05 | 000,002,359 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\ebay-com.xml
[2012.12.26 01:07:52 | 000,004,915 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\flickr-commercial-licence.xml
[2012.12.26 00:57:05 | 000,007,814 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\google-bg.xml
[2012.12.26 00:59:10 | 000,002,315 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\google-default.xml
[2012.12.26 01:10:03 | 000,001,831 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\leo-deu-eng.xml
[2012.12.26 00:10:29 | 000,001,026 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\soundcloud.xml
[2012.12.26 00:10:29 | 000,001,094 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\urban-dictionary.xml
[2012.12.26 01:01:48 | 000,001,030 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\wikipedia-de.xml
[2012.12.26 00:10:29 | 000,002,168 | ---- | M] () -- C:\Users\Windows 7\AppData\Roaming\mozilla\firefox\profiles\uwyw5m4j.default\searchplugins\youtube-videosuche.xml
[2012.12.26 13:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.24 22:42:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.12.19 21:12:50 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.12.26 00:10:29 | 000,001,853 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Erster Nutzer = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Erster Nutzer = C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.12.26 14:45:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-2494939295-118947492-3605075000-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-2494939295-118947492-3605075000-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2494939295-118947492-3605075000-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F55F180-1D97-457A-8BA5-B2CF2F1C38C2}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {133B6B28-981D-25E5-598E-1D66090A5BA5} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EEE08017-8036-2658-0CE9-8B71872528E7} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe - (WIBU-SYSTEMS AG)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Windows 7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Users^Windows 7^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
Drivers32: wave1 - Digi32.dll File not found
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.26 21:53:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.exe
[2012.12.26 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.26 15:00:09 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.12.26 15:00:09 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.12.26 15:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.12.26 15:00:05 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.12.26 15:00:02 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.12.26 15:00:01 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.12.26 14:59:59 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.12.26 14:59:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.12.26 14:59:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.12.26 14:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.12.26 14:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.12.26 14:46:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.26 14:46:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.26 14:37:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.26 14:37:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.26 14:37:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.26 14:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.26 14:37:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.26 00:10:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2012.12.25 23:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.12.25 23:40:55 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.12.25 23:06:46 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Opera
[2012.12.25 23:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MicrosoftC:\Windows\System32\dhRichClient3.dll
[2012.12.25 23:05:13 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.12.25 23:05:03 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
[2012.12.25 23:04:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\OCS
[2012.12.25 22:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
[2012.12.25 22:15:54 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
[2012.12.25 21:50:44 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
[2012.12.24 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Windows 7\AppData\Roaming\Foxit Reader
[2012.12.24 22:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012.12.24 22:37:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.12.24 22:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.24 22:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.12.23 13:31:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.12.23 13:27:30 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012.12.16 11:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012.12.16 11:38:06 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\System32\CamCodec.dll
[2012.12.16 11:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.6b
[2012.12.13 14:58:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.13 14:58:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.13 14:58:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.13 14:58:38 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.13 14:58:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.13 14:58:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.13 14:58:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.13 14:58:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.13 12:17:02 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.13 12:16:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.13 12:16:54 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.13 12:16:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.13 12:16:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.13 12:16:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.13 12:16:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.13 12:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.13 12:16:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.13 12:16:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.13 12:16:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.13 12:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.13 12:16:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.13 12:16:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.13 12:16:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.13 12:16:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.13 12:16:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.26 21:53:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7\Desktop\OTL.exe
[2012.12.26 21:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.26 21:19:42 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 21:19:42 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.26 21:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.26 21:12:21 | 2615,861,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 14:59:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.12.26 14:45:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.26 13:39:32 | 297,037,157 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.12.26 00:41:45 | 000,004,489 | -H-- | M] () -- C:\Windows\System32\BTImages.dat
[2012.12.25 23:12:04 | 000,000,224 | ---- | M] () -- C:\Windows\System32\9B13A86D.plf
[2012.12.24 22:44:37 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.12.24 22:42:30 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.24 09:11:06 | 002,334,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.23 13:27:30 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.12.23 12:19:57 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.22 23:44:59 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.22 23:44:59 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.22 23:44:59 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.22 23:44:59 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat

 
========== Files Created - No Company Name ==========
 
[2012.12.26 14:37:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.26 14:37:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.26 14:37:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.26 14:37:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.26 14:37:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.26 13:39:32 | 297,037,157 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.12.25 23:24:12 | 000,004,489 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2012.12.25 23:05:14 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.12.25 22:24:47 | 000,000,224 | ---- | C] () -- C:\Windows\System32\9B13A86D.plf
[2012.12.23 13:27:30 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.11.04 14:35:45 | 000,001,456 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.09.27 18:48:55 | 000,017,408 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\WebpageIcons.db
[2012.05.06 09:33:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.03.13 13:22:23 | 000,007,608 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\Resmon.ResmonCfg
[2012.02.06 15:12:07 | 000,005,632 | ---- | C] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.25 21:37:15 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.01.25 21:37:15 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.01.25 21:37:12 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.01.25 21:31:41 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.01.15 22:27:46 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2012.01.15 22:19:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2011.12.03 14:52:49 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011.10.09 18:46:34 | 002,334,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.18 06:29:13 | 000,000,000 | ---D | M] -- C:\Users\Windows\AppData\Roaming\CheckPoint
[2012.01.21 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Bigasoft Audio Converter
[2012.12.24 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\CheckPoint
[2011.12.18 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner
[2011.12.18 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner Pro
[2012.12.25 23:05:09 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
[2012.06.07 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\FileZilla
[2012.12.24 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Reader
[2012.06.12 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Mp3tag
[2012.12.25 23:04:58 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OCS
[2012.12.25 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
[2012.12.25 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
[2011.10.07 14:40:38 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OpenOffice.org
[2012.12.25 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Opera
[2011.12.20 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\ProtectDisc
[2012.01.26 10:32:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Publish Providers
[2012.02.26 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\stickies
[2011.11.22 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Thunderbird
[2012.05.24 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Windows 
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.26 14:46:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.14 20:27:22 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.03.13 13:26:26 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.26 21:10:28 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.26 21:12:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.26 14:46:30 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.10.07 14:31:51 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.12.26 21:57:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.26 13:29:52 | 000,000,000 | ---D | M] -- C:\Temp
[2012.12.26 14:38:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 14:59:48 | 000,000,000 | ---D | M] -- C:\Windows
 
< %SYSTEMDRIVE%\*.* >
[2012.12.26 13:51:36 | 000,021,449 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012.12.26 14:46:28 | 000,012,832 | ---- | M] () -- C:\ComboFix.txt
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012.12.26 21:12:21 | 2615,861,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.26 21:12:32 | 3487,817,728 | -HS- | M] () -- C:\pagefile.sys
[2012.12.25 19:46:06 | 000,212,523 | ---- | M] () -- C:\Rapvideos Semesterarbeit.odt
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
Invalid Environment Variable: PROGRAMFILES(X86)
 
< %appdata%\*.  >
[2012.05.20 00:22:12 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Adobe
[2012.02.21 14:50:14 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Apple Computer
[2012.01.21 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Bigasoft Audio Converter
[2012.12.24 22:38:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\CheckPoint
[2011.12.18 01:29:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner
[2011.12.18 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DeepBurner Pro
[2012.12.25 23:05:09 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
[2012.06.07 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\FileZilla
[2012.12.24 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Reader
[2012.06.12 23:14:00 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Foxit Software
[2011.10.07 14:32:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Identities
[2011.12.03 01:12:26 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Malwarebytes
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Media Center Programs
[2012.12.21 00:42:56 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Media Player Classic
[2012.02.14 20:44:08 | 000,000,000 | --SD | M] -- C:\Users\Windows 7\AppData\Roaming\Microsoft
[2011.11.22 22:12:14 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Mozilla
[2012.07.16 22:52:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Mp3tag
[2011.11.29 00:34:08 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\NVIDIA
[2012.12.25 23:04:58 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OCS
[2012.12.25 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
[2012.12.25 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
[2011.10.07 14:40:38 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\OpenOffice.org
[2012.12.25 23:06:46 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Opera
[2011.12.20 15:09:34 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\ProtectDisc
[2012.01.26 10:32:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Publish Providers
[2011.11.30 16:10:37 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Realtime Soft
[2012.02.26 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\stickies
[2011.11.22 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Thunderbird
[2012.12.16 11:38:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\vlc
[2012.05.24 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\Winamp
[2011.12.02 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Roaming\WinRAR
 
< %appdata%\*.*  >
 
< %localappdata%\*.  >
[2012.04.04 11:26:19 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Adobe
[2011.10.07 14:32:01 | 000,000,000 | -HSD | M] -- C:\Users\Windows 7\AppData\Local\Anwendungsdaten
[2012.02.21 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Apple
[2012.04.24 01:05:35 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Apple Computer
[2012.12.25 22:35:19 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Apps
[2012.02.16 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\DFX
[2012.12.24 22:36:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Diagnostics
[2011.12.07 12:51:01 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Downloaded Installations
[2012.12.24 22:36:11 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\ElevatedDiagnostics
[2012.10.01 09:16:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Facebook
[2012.06.12 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Google
[2012.06.09 08:23:09 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Macromedia
[2012.01.28 01:05:39 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Microsoft
[2011.11.22 22:12:14 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Mozilla
[2012.11.09 14:55:41 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Programs
[2011.12.03 01:03:42 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Temp
[2011.10.07 14:32:01 | 000,000,000 | -HSD | M] -- C:\Users\Windows 7\AppData\Local\Temporary Internet Files
[2012.06.09 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Thinstall
[2012.12.24 22:43:48 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Thunderbird
[2012.11.09 15:45:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Unity
[2011.10.07 14:32:01 | 000,000,000 | -HSD | M] -- C:\Users\Windows 7\AppData\Local\Verlauf
[2012.06.15 00:05:05 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\VirtualStore
[2012.09.27 18:49:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7\AppData\Local\Zattoo
 
< %localappdata%\*.* >
[2012.11.04 14:35:45 | 000,001,456 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.06.14 23:17:52 | 000,005,632 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.23 23:52:27 | 000,116,488 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.12.26 21:11:37 | 008,448,508 | -H-- | M] () -- C:\Users\Windows 7\AppData\Local\IconCache.db
[2012.03.13 13:22:23 | 000,007,608 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\Resmon.ResmonCfg
[2012.09.27 18:49:49 | 000,017,408 | ---- | M] () -- C:\Users\Windows 7\AppData\Local\WebpageIcons.db
 
< %allusersprofile%\*.  >
[2012.09.27 18:48:26 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2012.02.21 12:27:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2012.02.21 12:23:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012.12.26 14:59:37 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012.12.25 22:21:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Cached Installations
[2012.03.14 15:23:01 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012.02.21 11:32:05 | 000,000,000 | ---D | M] -- C:\ProgramData\FLEXnet
[2011.12.18 12:52:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2012.05.06 09:34:25 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2012.04.25 13:32:55 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2012.12.26 21:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA
[2011.10.07 15:07:24 | 000,000,000 | ---D | M] -- C:\ProgramData\NVIDIA Corporation
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2011.10.07 14:39:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012.12.24 22:32:08 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011.10.07 14:31:50 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012.01.25 21:29:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Win7codecs
 
< %allusersprofile%\*.* >
[2012.01.15 22:27:46 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1288 bytes -> C:\ProgramData\Microsoft:FDUDNXZGOnVo2KkJszdkQL

< End of report >
         
And the Extras.txt:

Code:
OTL Extras logfile created on: 26.12.2012 21:56:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Windows 7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 76,56% Memory free
9,74 Gb Paging File | 8,96 Gb Available in Paging File | 91,98% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 190,88 Gb Free Space | 82,00% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 52,45 Gb Free Space | 35,19% Space Free | Partition Type: NTFS
Drive F: | 13,13 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WINDOWS7-PC | User Name: Windows 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008CB89E-5CF5-4850-A985-F7E3D0005796}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{09123A01-6FD6-45B9-A475-8D76CDEEF17A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0F8DCDB1-3FC7-4238-96D0-5A0EC0070F91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{16FF2226-CA5C-45F9-A0A2-D98441501B06}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E0220F3-7502-4AE6-9300-A96403C4AF4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3CE69D1B-0F94-422B-A3AB-412A2174937B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47BCF276-AC3C-4CF9-B010-9F5B548E2FC8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5294FE72-C824-4F63-A390-78487B148357}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{56A2B222-457F-4943-B8D4-EBF3AD71E43B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{652A44C5-B0CC-4D82-9E00-5CC3D8361597}" = lport=445 | protocol=6 | dir=in | app=system | 
"{85086E54-F96D-4155-948B-78B8D79FAC57}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8A026B16-E4A1-444D-B2CC-1505B862EC53}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AC0D9412-59E0-4B71-80D6-930E560E3DF4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CD01C810-0D83-4468-BFB5-6127158C4676}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26CC261A-131C-4CFE-B5A4-D2CDA1847F03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{59D1045C-2E10-40A0-AC0E-B4030A4CE86E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5DB42C2A-0209-4B30-BA43-ECB8B7CDE6AC}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{82AF60C2-3919-48D5-9143-2389BB4E7CC9}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe | 
"{897BE1A4-150D-4074-B66E-6FD39282EFE8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{960F8E06-D23C-4165-B1A4-01B20D6B074F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D8382DD7-B435-4B72-86D8-E11CA2632463}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{F925A354-D7CA-4565-965F-9C2DAA5A8FFE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{2D2461BD-E260-41B6-AF9A-FFAACD7E6698}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{52F24447-4DD4-4081-9407-89529686599A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{3498525E-AC75-48E7-8DB8-9A707DDDCF13}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{7ED5CCCF-021A-4903-B517-F61145779910}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0E49A356-E4F2-4A3F-8243-2FF7A2588066}" = Authorizer Ignition Key Support
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D8A751-F5E6-11E0-9DE8-005056C00008}" = MSVCRT Redists
"{C0E3B891-B7C3-11E0-A2BD-001320F83A25}" = MSVCRT Redists
"{C2AF7B2D-7018-414B-9B8B-D3C9F3BED04F}" = Visual C++ Redistributables
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"Mozilla Thunderbird 18.0 (x86 en-US)" = Mozilla Thunderbird 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.51
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"VLC media player" = VLC media player 2.0.2
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"ZhornStickies" = Stickies 7.1b
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2494939295-118947492-3605075000-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.11.2012 17:54:00 | Computer Name = Windows7-PC | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 03.12.2012 04:55:55 | Computer Name = Windows7-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 05.12.2012 17:54:01 | Computer Name = Windows7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000017  Fehleroffset: 0x0007dcc9  ID des fehlerhaften
 Prozesses: 0x424  Startzeit der fehlerhaften Anwendung: 0x01cdd3173d6e5f01  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 47169e8c-3f26-11e2-98d6-001e90b7e486
 
Error - 06.12.2012 21:32:30 | Computer Name = Windows7-PC | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.3.3235 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1db0    Startzeit:
 01cdd41a73e5f039    Endzeit: 20    Anwendungspfad: C:\Program Files\Winamp\winamp.exe    Berichts-ID:
 c7a1863e-400d-11e2-a736-001e90b7e486  
 
Error - 06.12.2012 22:10:47 | Computer Name = Windows7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_5_502_131.exe,
 Version: 11.5.502.131, Zeitstempel: 0x50b2d900  Name des fehlerhaften Moduls: ntdll.dll,
 Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0001f9ea  ID des fehlerhaften Prozesses: 0x88c  Startzeit der fehlerhaften Anwendung:
 0x01cdd3e9320bd564  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_131.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 503a41e9-4013-11e2-a736-001e90b7e486
 
Error - 09.12.2012 14:00:01 | Computer Name = Windows7-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 09.12.2012 15:34:09 | Computer Name = Windows7-PC | Source = Windows Search Service | ID = 1019
Description = 
  
Error - 13.12.2012 19:13:25 | Computer Name = Windows7-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7a278  Name des fehlerhaften Moduls: audioeng.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bd97c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047e13  ID des fehlerhaften
 Prozesses: 0x430  Startzeit der fehlerhaften Anwendung: 0x01cdd964a850ebb6  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\AUDIODG.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\audioeng.dll  Berichtskennung: b18f9bbd-457a-11e2-b5b9-001e90b7e486
 
[ System Events ]

Error - 26.12.2012 09:38:16 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
   %%299
 
Error - 26.12.2012 09:39:24 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.12.2012 09:42:47 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.12.2012 09:45:15 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 26.12.2012 16:10:17 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
Error - 26.12.2012 16:10:19 | Computer Name = Windows7-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Hotspot Shield Monitoring Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
< End of report >
         

26.12.2012, 22:34   #34
ryder
/// TB Trainer

Then you can go ahead and remove that while I look through this.
__________________
Digital privateers against malware!
No help via PM!

26.12.2012, 22:42   #35
Katrin Grabe

Interesting. I tried several times to delete the file and then came across the following: There was no icon or anything like that on the desktop. I followed the trail further and found the following directory (no, I don't use Zattoo and I don't know what the rest is supposed to be):


My first impulse now would be to delete the whole lot of crap


26.12.2012, 22:49   #36
ryder
/// TB Trainer

Well, unfortunately you first have to pin the crap down properly ...

Did you install Foxit Reader a few days ago?

26.12.2012, 22:50   #37
ryder
/// TB Trainer

Also:

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:
    Code:
    ATTFilter
    :dir 
    C:\Users\Windows 7\AppData\Roaming\Opera
    C:\Program Files\InstallShield Installation Information
    C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon
    C:\Users\Windows 7\AppData\Roaming\OCS
    C:\ProgramData\Cached Installations
    C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641
    C:\Users\Windows 7\AppData\Roaming\OfficeRecovery
    C:\Users\Windows 7\AppData\Roaming\Foxit Reader
             
  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

26.12.2012, 22:51   #38
Katrin Grabe

I updated Foxit about 2 days ago. Should I delete these files now or not?

Here is the log file:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 22:51 on 26/12/2012 by Windows 7
Administrator - Elevation successful

No Context: Code:

========== dir ==========

C:\Users\Windows 7\AppData\Roaming\Opera - Parameters: "(none)"

---Files---
None found.

---Folders---
Opera	d------	[22:06 25/12/2012]

C:\ProgramData\MicrosoftC:\Windows\System32\dhRichClient3.dll - Unable to find folder.

C:\Program Files\InstallShield Installation Information - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

C:\Users\Windows 7\AppData\Roaming\DesktopIconForAmazon - Parameters: "(none)"

---Files---
ama.ico	--a---- 360518 bytes	[22:05 25/12/2012]	[22:05 25/12/2012]
IconForAmazon.exe	--a---- 753664 bytes	[22:05 25/12/2012]	[22:05 25/12/2012]

---Folders---
None found.

C:\Users\Windows 7\AppData\Roaming\OCS - Parameters: "(none)"

---Files---
None found.

---Folders---
SM	d------	[22:04 25/12/2012]

C:\ProgramData\Cached Installations - Parameters: "(none)"

---Files---
None found.

---Folders---
{E472E726-B8D2-4B6D-9A37-0AE08EA2B042}	d------	[21:21 25/12/2012]

C:\Users\Windows 7\AppData\Roaming\OfficeRecovery.d7cc0641 - Parameters: "(none)"

---Files---
None found.

---Folders---
psr	d------	[20:50 25/12/2012]
Reports	d------	[20:51 25/12/2012]

C:\Users\Windows 7\AppData\Roaming\OfficeRecovery - Parameters: "(none)"

---Files---
None found.

---Folders---
psr	d------	[20:50 25/12/2012]

C:\Users\Windows 7\AppData\Roaming\Foxit Reader - Parameters: "(none)"

---Files---
reader_update_req.xml	--a---- 503 bytes	[21:51 24/12/2012]	[21:51 24/12/2012]

---Folders---
None found.

 - Unable to find folder.

-= EOF =-
         

26.12.2012, 22:52   #39
ryder
/// TB Trainer

Please don't do anything on your own. This is a new infection and I definitely still want to examine the files, so please be patient; by doing so you are helping a great many people after you

26.12.2012, 22:53   #40
Katrin Grabe


Sorry


26.12.2012, 23:06   #41
ryder
/// TB Trainer

This is a really complicated thing ... I'll look further tomorrow at what we do about it.

26.12.2012, 23:07   #42
Katrin Grabe

Do you think I can surf again now, or should I leave it alone completely for the time being? I'm worried about phishing.

26.12.2012, 23:09   #43
ryder
/// TB Trainer

At the moment I would not recommend that.

Something you can try:

Do the redirects also occur in other browsers? That is, Internet Explorer or e.g. Opera?
If you boot in safe mode, does it happen then too?

See you tomorrow.

26.12.2012, 23:18   #44
Katrin Grabe

Sorry, last question for today: how do I get into safe mode? I pressed F5 during startup on the first attempt and F8 on the second; it didn't do anything.

Good night, my dear

Good morning!

Today we'll manage it

27.12.2012, 10:25   #45
ryder
/// TB Trainer

Did you install an FF plugin called Fast Video Download?
