Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Plagegeister aller Art und deren Bekämpfung: Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 27.09.2013, 08:54   #16
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Die freie, wenn Du aber was kaufen willst empfehle ich Emsisoft.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.09.2013, 10:32   #17
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


So, jetzt habe ich es wohl mal geschafft, eine Anweisung fehlerfrei umzusetzen.

Hier also die Fixlog-Datei:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2013
Ran by Win7 at 2013-09-27 11:18:33 Run:3
Running from C:\Users\Win7\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
*****************

"C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled" => Could not move.
HKCR\PROTOCOLS\Handler\AutorunsDisabled\skype4com => Key deleted successfully.
HKCR\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => Key deleted successfully.

==== End of Fixlog ====
Ich danke Dir mal wieder.

P.S.: der doofe Ordner AutorunsDisabled springt immer noch auf.
__________________
Alt 27.09.2013, 17:21   #18
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Aaarrghhh

Scan mit SystemLook

Lade SystemLook von jpshortstuff vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit)
  • Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
    Code:
    ATTFilter
    :folderfind
*AutorunsDisabled*
:regfind
AutorunsDisabled
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Der Suchlauf kann einige Zeit dauern.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.
__________________
__________________
Alt 27.09.2013, 17:46   #19
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hai Schrauber,

hier isses:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 18:43 on 27/09/2013 by Win7
Administrator - Elevation successful

========== folderfind ==========

Searching for "*AutorunsDisabled*"
C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled	d------	[19:42 18/02/2013]

========== regfind ==========

Searching for "AutorunsDisabled"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
[HKEY_USERS\S-1-5-21-4262714597-415870921-2499499596-1000\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]

-= EOF =-
Habe nach diesem Schritt jetzt nicht ausprobiert, ob`s immer noch kommt. Ich nehme an, dass dieser Schritt der Suche nach dem Ursprung des Phänomens diente.

Falls es weiterhilft, bzw. um die Umstände gering zu halten: groß stören würde es mich nicht, das Ding beim Systemstart jedesmal wegzuklicken, wenn es sonst nichts anrichtet

Ich danke Dir und grüße.

Alt 28.09.2013, 12:15   #20
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Nochmal Systemlook bitte, diesmal damit:
Code:
ATTFilter
:reg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled /sub

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.09.2013, 15:08   #21
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hai Schrauber, wollen wir hoffen, dass es auf die Spur des Lümmels führt:

Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 16:07 on 28/09/2013 by Win7
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"MyTomTomSA.exe"="C:\Program Files\MyTomTom 3\MyTomTomSA.exe"


-= EOF =-
Vielen Dank und viele Grüße.

Alt 29.09.2013, 05:53   #22
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.09.2013, 09:32   #23
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hai Schrauber,

hier sind die Log-Dateien:

Code:
ATTFilter
OTL logfile created on: 29.09.2013 10:22:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,27% Memory free
6,49 Gb Paging File | 5,43 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,04 Gb Total Space | 198,58 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
Drive D: | 110,81 Gb Total Space | 109,85 Gb Free Space | 99,13% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Win7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- C:\Windows\gdrv.sys File not found
DRV - (catchme) -- C:\Users\Win7\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.)
DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV - (AVerAF35) -- C:\Windows\System32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV - (AF9035BDA) -- C:\Windows\System32\drivers\AF9035BDA.sys (AfaTech                  )
DRV - (BTPROT) -- C:\Windows\System32\drivers\btprot.sys (iAnywhere Solutions)
DRV - (BTIAUSB) -- C:\Windows\System32\drivers\btiausb.sys (iAnywhere Solutions)
DRV - (btiaspp) -- C:\Windows\System32\drivers\btiaspp.sys (iAnywhere Solutions)
DRV - (btiaa2dp) -- C:\Windows\System32\drivers\btiaa2dp.sys (iAnywhere Solutions)
DRV - (BTiAPan) -- C:\Windows\System32\drivers\btiapan.sys (iAnywhere Solutions)
DRV - (iAnywhere_btAudio) -- C:\Windows\System32\drivers\btiasco.sys (iAnywhere Solutions)
DRV - (btiarcp) -- C:\Windows\System32\drivers\btiarcp.sys (iAnywhere Solutions)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 DB D5 EB 2A 1C CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.09.26 21:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.24 22:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.06 21:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.06 21:49:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2013.09.26 13:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\Extensions
[2013.09.27 13:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\fwlgc5x7.default\extensions
[2013.09.26 20:39:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\fwlgc5x7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.09.26 15:33:22 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\fwlgc5x7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.09.26 15:32:42 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\fwlgc5x7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.09.24 22:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.09.26 13:27:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.09.26 21:07:18 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
 
O1 HOSTS File: ([2013.09.23 12:24:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.09.25 13:56:18 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E3E7279-869C-4DAC-819A-F6740884B2DC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.29 10:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
[2013.09.26 21:07:31 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.09.26 21:07:31 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.09.26 21:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.09.26 21:07:29 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.09.26 21:07:29 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.09.26 21:07:28 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.09.26 21:07:28 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.09.26 21:07:28 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.09.26 21:07:06 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.09.26 21:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.09.26 21:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.09.26 13:13:31 | 001,089,329 | ---- | C] (Farbar) -- C:\Users\Win7\Desktop\FRST.exe
[2013.09.25 20:34:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013.09.25 20:14:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.09.24 22:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.09.23 21:14:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.09.23 21:04:42 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Win7\Desktop\mbam-setup-1.75.0.1300(1).exe
[2013.09.23 12:24:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.09.23 12:24:33 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\temp
[2013.09.23 12:11:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.09.11 22:57:46 | 000,000,000 | R--D | C] -- C:\Users\Win7\Documents\Scanned Documents
[2013.09.11 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\Win7\Documents\Fax
[2013.09.11 21:51:09 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.09.11 21:51:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.09.11 21:51:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.09.11 21:51:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.09.11 21:51:08 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.09.11 21:51:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.09.11 21:51:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.09.11 21:51:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.09.11 21:51:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.09.11 21:51:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.09.11 12:52:44 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.09.11 12:52:44 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013.09.11 12:52:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.09.11 12:52:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.09.11 12:52:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 12:52:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.09.10 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\Win7\Documents\Musicnotes
[2013.09.10 12:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musicnotes
[2013.09.10 12:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Musicnotes
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.29 10:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
[2013.09.29 10:20:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.29 10:20:04 | 2615,209,984 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.29 00:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.28 16:12:48 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.28 16:12:48 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.28 16:09:45 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.09.28 16:09:45 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.09.28 16:09:45 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.09.28 16:09:45 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.09.27 21:58:38 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.09.27 18:41:38 | 000,139,264 | ---- | M] () -- C:\Users\Win7\Desktop\SystemLook.exe
[2013.09.26 21:07:31 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.09.26 21:07:28 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.09.26 21:06:11 | 131,918,888 | ---- | M] () -- C:\Users\Win7\Desktop\avast_free_antivirus_setup_8.0.1497.376.exe
[2013.09.26 13:27:34 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.26 13:13:36 | 001,089,329 | ---- | M] (Farbar) -- C:\Users\Win7\Desktop\FRST.exe
[2013.09.23 21:05:21 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Win7\Desktop\mbam-setup-1.75.0.1300(1).exe
[2013.09.23 12:24:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.09.11 21:57:16 | 000,367,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.09.11 15:11:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.09.11 15:11:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.09.10 12:04:02 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013.09.09 15:52:49 | 003,636,832 | ---- | M] () -- C:\Users\Win7\Desktop\IMSLP63977-PMLP06617-Clementi_Sonatinen_1_Durand_Op_36_filter.pdf
[2013.09.06 20:47:57 | 000,131,289 | ---- | M] () -- C:\Users\Win7\Desktop\bette_midler--the_rose.pdf
[2013.09.03 13:06:31 | 008,408,572 | ---- | M] () -- C:\Users\Win7\Desktop\IMSLP120580-PMLP08821-czerny_599.pdf
 
========== Files Created - No Company Name ==========
 
[2013.09.27 18:41:40 | 000,139,264 | ---- | C] () -- C:\Users\Win7\Desktop\SystemLook.exe
[2013.09.26 21:07:31 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.09.26 21:07:28 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.09.26 21:07:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.09.26 20:57:07 | 131,918,888 | ---- | C] () -- C:\Users\Win7\Desktop\avast_free_antivirus_setup_8.0.1497.376.exe
[2013.09.26 13:27:33 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.09.26 13:27:33 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.10 12:04:02 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013.09.09 15:52:47 | 003,636,832 | ---- | C] () -- C:\Users\Win7\Desktop\IMSLP63977-PMLP06617-Clementi_Sonatinen_1_Durand_Op_36_filter.pdf
[2013.09.06 20:47:56 | 000,131,289 | ---- | C] () -- C:\Users\Win7\Desktop\bette_midler--the_rose.pdf
[2013.09.03 13:05:54 | 008,408,572 | ---- | C] () -- C:\Users\Win7\Desktop\IMSLP120580-PMLP08821-czerny_599.pdf
[2013.07.14 22:18:07 | 000,000,108 | --S- | C] () -- C:\Users\Win7\Verknüpfung mit Desktop
[2012.03.18 18:03:23 | 000,000,356 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2012.03.17 22:48:46 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.03.16 13:52:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.16 13:49:59 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2012.03.16 13:49:59 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2012.03.16 13:47:25 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.03.16 13:46:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.09.25 21:51:07 | 097,858,179 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ዿ띥᭔b
[2013.09.25 21:51:07 | 097,858,179 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ዿ띥᭔b
[2013.09.19 21:02:53 | 098,395,704 | ---- | M] ()(C:\Windows\System32\???j) -- C:\Windows\System32\훐㫥᭔j
[2013.09.19 21:02:53 | 098,395,704 | ---- | C] ()(C:\Windows\System32\???j) -- C:\Windows\System32\훐㫥᭔j
[2013.09.19 19:02:59 | 098,395,704 | ---- | M] ()(C:\Windows\System32\???f) -- C:\Windows\System32\લ㞌᭔f
[2013.09.19 17:03:01 | 098,395,704 | ---- | C] ()(C:\Windows\System32\???f) -- C:\Windows\System32\લ㞌᭔f
[2013.09.17 22:07:11 | 098,062,984 | ---- | M] ()(C:\Windows\System32\???]) -- C:\Windows\System32\竘迤᭔]
[2013.09.17 12:07:09 | 098,062,984 | ---- | C] ()(C:\Windows\System32\???]) -- C:\Windows\System32\竘迤᭔]
[2013.09.06 15:02:28 | 096,334,488 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\늅᭔b
[2013.09.06 09:02:38 | 096,334,488 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\늅᭔b
[2013.08.21 23:21:03 | 099,750,289 | ---- | M] ()(C:\Windows\System32\???m) -- C:\Windows\System32\਺杛᭔m
[2013.08.21 21:21:01 | 099,750,289 | ---- | C] ()(C:\Windows\System32\???m) -- C:\Windows\System32\਺杛᭔m

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 29.09.2013 10:22:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,27% Memory free
6,49 Gb Paging File | 5,43 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,04 Gb Total Space | 198,58 Gb Free Space | 81,37% Space Free | Partition Type: NTFS
Drive D: | 110,81 Gb Total Space | 109,85 Gb Free Space | 99,13% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3B46DE-37A8-4AF6-B1E2-05667D969758}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E3B3DC5-6E6E-4FBE-8247-B07335723770}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{208FB2E7-4448-421E-85D4-8F589770F830}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4AF9D307-FDBA-4B31-8054-B5E7DC10CB2D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{528AD1C9-E511-4442-82F6-E133E5D1E2CC}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
"{5914D253-3456-4A86-8F23-7B7883430539}" = lport=445 | protocol=6 | dir=in | app=system | 
"{749BB079-55F5-4885-9638-E6FAEDF0AB1A}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{766C2115-D894-4E94-A71F-169B0C83E36B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7DDA057D-762C-4B0B-A721-AFE059B82D7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{84ACCCDE-92BC-4C43-826D-9F41C0B7DDF9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8784E084-CC3E-45AF-8DBB-42C5D9066102}" = lport=139 | protocol=6 | dir=in | app=system | 
"{87E45CE3-36A5-49A8-B09A-F863967471AB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E2D8052-7FD9-4CD6-986F-13F607FEF2D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{92E01F25-E395-4B53-BC01-8F745803E5CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{980C4167-C7D6-4A47-BF85-135252FBB717}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D183870-853B-484D-899E-459071D43BC1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A98F7F00-735A-4C70-B9F3-638FE5250F64}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BE72DC35-9C9C-443D-B224-0F1705ABAF76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D495E48E-3FBC-47DB-92C7-983A87DE910D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2BDB7F4-A074-4206-B03B-C72D06666ABC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4F93746-0F32-4207-AD3B-F65B7D5E3EDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5AB46D9-03B9-4713-B786-B57A2CA9CA39}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FD1EE8A8-CCC8-4976-BD8F-57E794B0A72D}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0939E-12DF-4773-ABF8-4FBFC5EF9763}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{03D06BE2-F1AA-445F-B4F2-80BA8E4DC837}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{082447F9-9635-4F08-8161-0A1412FFFF77}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{2DBA1365-4064-4969-A04A-6B25A62483B6}" = dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{367854AD-889C-4D0B-B94A-ED92AD6326DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{370B44D6-01DB-4D6B-B4C5-F8EBCEA75163}" = dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{37F6772A-E7CC-49E9-9FAE-950181085ED8}" = dir=out | app=c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{39BAB1D1-D90C-4CE7-A3E7-2277CD636980}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4592DD08-F5AD-46E8-8339-5760E8F3F169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{46EAB5D0-E4EE-423D-B55A-5CF2059C3639}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BFCA426-69C8-4E05-A6E3-448D367B88DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4E8921D0-01EF-440B-A95E-5C122839944E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{505C82F2-32CE-4D42-9E16-F8D6E1F254D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5F5B1C7A-4870-4BDC-BB4C-A09C57D08D74}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{60332EA6-0884-495A-B053-E837863EBBAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{621CDA28-3DD6-47D7-9BCD-7FC33156DC29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BA19AD1-ECDC-439F-AFC2-E33A74CFF63B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6E181520-A081-4C09-BCB2-47F97028ADCA}" = dir=in | app=c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{7A07728A-B164-44FD-859E-98AE6E32EBA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8D709124-632E-47D5-BF93-A77E48BF5957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F8DB323-9780-42FB-8693-2957B8DA3FD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9913A27A-A459-47A3-87CC-D3D3453DA181}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A58F4EF6-7610-471C-9C5E-01B954DD14D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB66CA91-276F-41AE-AC65-F3488073F605}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{DA3EB1A3-CF11-48F4-80E9-DF6FAB44A340}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{DAAA1A42-2F31-4850-AE45-182736CE902F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DD31C4F2-FF55-4E92-B5C8-A2AE9EEC38F8}" = protocol=6 | dir=out | app=system | 
"{DEFC1490-2E2C-4C5E-9B00-FB7557B3F0CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E0216EA9-2D8A-4F43-9905-367EC79FF88F}" = dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{F2107746-3470-4061-B18B-EBE49CB0691A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFA2DA66-3EF2-465A-8BE8-64F8A0431BE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B5F055F-0D34-C0E0-7E34-45789E958BCE}" = CCC Help English
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{16F4BFFB-6A79-7A40-A591-23C63FC4D595}" = Catalyst Control Center Localization All
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D8635E1-46A9-1B10-6151-ED7169AB8C9A}" = GMX SMS-Manager
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23A7D2CE-1A04-41D6-96A9-65D897E86DC2}" = CCC Help Czech
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34E23470-E328-BFCD-B3EF-E6E74E87FEDD}" = AMD VISION Engine Control Center
"{3A1EBEF3-9BDC-FFCD-8144-265FD2FD1D33}" = CCC Help Swedish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42F965F4-EABA-A9E4-C4B6-38C12EC34FBC}" = CCC Help Polish
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E8EDE0A-E97B-2475-BF6B-C8FEEC4F4482}" = CCC Help Thai
"{66E4187B-991A-A4BE-933B-08B3BEBC0EE6}" = CCC Help Chinese Standard
"{6EB3C538-B9B8-F2BB-AEC4-865AC2DF2EE0}" = CCC Help Finnish
"{70F9C054-B713-B704-2E37-7F78439D5FA8}" = CCC Help Turkish
"{716A2D35-F0D5-3BE4-D02A-0C0A2FCDF7BB}" = CCC Help Danish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6A5017-D634-37FD-B966-89A6463CD1D0}" = AMD Fuel
"{7CEED00F-11AC-9C5C-F500-AF86D4C67E40}" = Catalyst Control Center Profiles Mobile
"{831C848D-F785-F9AF-693B-9BD2C9ED5D0B}" = CCC Help Portuguese
"{8376660A-EA9B-7AC6-B08C-BA0E6BEF7E74}" = AMD Catalyst Install Manager
"{84374801-0EEE-9A50-6F79-17E2057CC6C9}" = CCC Help Korean
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F10F574-9C09-CEE0-DCC9-317DB01190FC}" = Catalyst Control Center InstallProxy
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.6
"{98097DB0-38DE-E2E8-D8F2-97F2816D5D4A}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3B31093-3C8E-3D69-A4EF-2EA950720590}" = CCC Help Japanese
"{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}" = Deutsche Post E-Porto
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Deutsch
"{AD053B60-BC7C-D749-0D5B-4ADE932AF931}" = CCC Help Hungarian
"{BA63E5E6-1E94-B252-4A6C-38126EDBE304}" = ccc-utility
"{C7132F71-289A-4111-A9A9-1DD28C7B80A7}" = TVCenter
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D3D3A52A-BD2B-BC1E-903F-A47E00F31AF8}" = CCC Help Greek
"{D541F7BE-3CAC-18C6-43B3-CEAEA5887296}" = CCC Help French
"{D93CC12C-4C40-C463-3463-9E025C277D3C}" = CCC Help Italian
"{DBCB47B1-235E-C4A8-C481-DDA01B49C9A7}" = CCC Help Spanish
"{DD899638-B3F5-A6D0-E263-44D5704A080C}" = CCC Help German
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAEA976B-4C36-141F-C7D8-889E0B067CE0}" = CCC Help Chinese Traditional
"{FCF0E04F-B459-61BE-66B5-B7D02112605F}" = CCC Help Dutch
"{FE7989B2-9F10-977F-3ABD-AF441E38AA41}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"avast" = avast! Free Antivirus
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"KVB-Erstattungsantrag PC_is1" = KVB-Erstattungsantrag PC 2.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Musicnotes Player_is1" = Musicnotes Player V1.32.2 and Viewer V1.19.0
"MyTomTom" = MyTomTom 3.2.0.1116
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Ubuntu One 4.1.91" = Ubuntu One
"VLC media player" = VLC media player 2.0.7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.09.2013 14:55:37 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.09.2013 15:06:47 | Computer Name = Win7-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 ssmdrv.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 26.09.2013 15:16:55 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.09.2013 16:47:35 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 02:48:35 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 05:16:53 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 05:32:30 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 15:58:30 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.09.2013 10:07:10 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.09.2013 04:21:56 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.09.2013 14:53:01 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.09.2013 15:14:19 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.09.2013 16:31:45 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.09.2013 17:01:40 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 03:33:33 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 05:29:56 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 06:52:48 | Computer Name = Win7-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.09.2013 15:56:57 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 17:44:49 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.09.2013 19:06:03 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
Danke, dass Du Dich sogar sonntags mit den Plagegeistern rumplagst und Grüße.

Alt 29.09.2013, 17:59   #24
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hi,
bitte OTL nochmal scannen lassen, diesmal mit "All Users" angehakt.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.09.2013, 18:11   #25
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hai Schrauber, hier die Logs.
Klingt beunruhigend, Deine Anweisung....ich dachte immer, ich sei der einzige Benutzer auf diesem PC.

Code:
ATTFilter
OTL logfile created on: 29.09.2013 19:02:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,06% Memory free
6,49 Gb Paging File | 5,39 Gb Available in Paging File | 83,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,04 Gb Total Space | 198,29 Gb Free Space | 81,25% Space Free | Partition Type: NTFS
Drive D: | 110,81 Gb Total Space | 109,85 Gb Free Space | 99,13% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Win7\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (VIAKaraokeService) -- C:\Windows\System32\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- C:\Windows\gdrv.sys File not found
DRV - (catchme) -- C:\Users\Win7\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (MHIKEY10) -- C:\Windows\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices Inc.)
DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV - (AVerAF35) -- C:\Windows\System32\drivers\AVerAF35.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (azvusb) -- C:\Windows\System32\drivers\azvusb.sys (AzureWave Technologies, Inc.)
DRV - (AF9035BDA) -- C:\Windows\System32\drivers\AF9035BDA.sys (AfaTech                  )
DRV - (BTPROT) -- C:\Windows\System32\drivers\btprot.sys (iAnywhere Solutions)
DRV - (BTIAUSB) -- C:\Windows\System32\drivers\btiausb.sys (iAnywhere Solutions)
DRV - (btiaspp) -- C:\Windows\System32\drivers\btiaspp.sys (iAnywhere Solutions)
DRV - (btiaa2dp) -- C:\Windows\System32\drivers\btiaa2dp.sys (iAnywhere Solutions)
DRV - (BTiAPan) -- C:\Windows\System32\drivers\btiapan.sys (iAnywhere Solutions)
DRV - (iAnywhere_btAudio) -- C:\Windows\System32\drivers\btiasco.sys (iAnywhere Solutions)
DRV - (btiarcp) -- C:\Windows\System32\drivers\btiarcp.sys (iAnywhere Solutions)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 DB D5 EB 2A 1C CE 01  [binary data]
IE - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.1
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.09.26 21:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.09.24 22:08:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.06 21:49:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.08.06 21:49:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2013.09.26 13:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\Extensions
[2013.09.27 13:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\fwlgc5x7.default\extensions
[2013.09.26 20:39:59 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Win7\AppData\Roaming\mozilla\Firefox\Profiles\fwlgc5x7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013.09.26 15:33:22 | 000,534,729 | ---- | M] () (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\fwlgc5x7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.09.26 15:32:42 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Win7\AppData\Roaming\mozilla\firefox\profiles\fwlgc5x7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.09.24 22:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.09.26 13:27:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.09.26 21:07:18 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
 
O1 HOSTS File: ([2013.09.23 12:24:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKU\S-1-5-21-4262714597-415870921-2499499596-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.09.25 13:56:18 | 000,000,000 | ---D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4262714597-415870921-2499499596-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E3E7279-869C-4DAC-819A-F6740884B2DC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.29 10:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
[2013.09.26 21:07:31 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.09.26 21:07:31 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.09.26 21:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.09.26 21:07:29 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.09.26 21:07:29 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.09.26 21:07:28 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.09.26 21:07:28 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.09.26 21:07:28 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.09.26 21:07:06 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.09.26 21:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.09.26 21:06:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.09.26 13:13:31 | 001,089,329 | ---- | C] (Farbar) -- C:\Users\Win7\Desktop\FRST.exe
[2013.09.25 20:34:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013.09.25 20:14:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.09.24 22:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.09.23 21:14:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.09.23 21:04:42 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Win7\Desktop\mbam-setup-1.75.0.1300(1).exe
[2013.09.23 12:24:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.09.23 12:24:33 | 000,000,000 | ---D | C] -- C:\Users\Win7\AppData\Local\temp
[2013.09.23 12:11:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.09.11 22:57:46 | 000,000,000 | R--D | C] -- C:\Users\Win7\Documents\Scanned Documents
[2013.09.11 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\Win7\Documents\Fax
[2013.09.11 21:51:09 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.09.11 21:51:09 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.09.11 21:51:08 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.09.11 21:51:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.09.11 21:51:08 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.09.11 21:51:07 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.09.11 21:51:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.09.11 21:51:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.09.11 21:51:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.09.11 21:51:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.09.11 12:52:44 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.09.11 12:52:44 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013.09.11 12:52:43 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.09.11 12:52:43 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.09.11 12:52:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.09.11 12:52:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.09.11 12:52:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.09.11 12:52:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.09.10 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\Win7\Documents\Musicnotes
[2013.09.10 12:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musicnotes
[2013.09.10 12:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Musicnotes
 
========== Files - Modified Within 30 Days ==========
 
[2013.09.29 18:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.09.29 17:00:27 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.09.29 17:00:27 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.09.29 16:57:46 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.09.29 16:57:46 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.09.29 16:57:46 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.09.29 16:57:46 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.09.29 16:53:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.09.29 16:53:12 | 2615,209,984 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.29 10:21:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Win7\Desktop\OTL.exe
[2013.09.27 21:58:38 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2013.09.27 18:41:38 | 000,139,264 | ---- | M] () -- C:\Users\Win7\Desktop\SystemLook.exe
[2013.09.26 21:07:31 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.09.26 21:07:28 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.09.26 21:06:11 | 131,918,888 | ---- | M] () -- C:\Users\Win7\Desktop\avast_free_antivirus_setup_8.0.1497.376.exe
[2013.09.26 13:27:34 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.26 13:13:36 | 001,089,329 | ---- | M] (Farbar) -- C:\Users\Win7\Desktop\FRST.exe
[2013.09.23 21:05:21 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Win7\Desktop\mbam-setup-1.75.0.1300(1).exe
[2013.09.23 12:24:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.09.11 21:57:16 | 000,367,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.09.11 15:11:44 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.09.11 15:11:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.09.10 12:04:02 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013.09.09 15:52:49 | 003,636,832 | ---- | M] () -- C:\Users\Win7\Desktop\IMSLP63977-PMLP06617-Clementi_Sonatinen_1_Durand_Op_36_filter.pdf
[2013.09.06 20:47:57 | 000,131,289 | ---- | M] () -- C:\Users\Win7\Desktop\bette_midler--the_rose.pdf
[2013.09.03 13:06:31 | 008,408,572 | ---- | M] () -- C:\Users\Win7\Desktop\IMSLP120580-PMLP08821-czerny_599.pdf
 
========== Files Created - No Company Name ==========
 
[2013.09.27 18:41:40 | 000,139,264 | ---- | C] () -- C:\Users\Win7\Desktop\SystemLook.exe
[2013.09.26 21:07:31 | 000,002,035 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.09.26 21:07:28 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.09.26 21:07:28 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.09.26 20:57:07 | 131,918,888 | ---- | C] () -- C:\Users\Win7\Desktop\avast_free_antivirus_setup_8.0.1497.376.exe
[2013.09.26 13:27:33 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.09.26 13:27:33 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.09.10 12:04:02 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Musicnotes Player.lnk
[2013.09.09 15:52:47 | 003,636,832 | ---- | C] () -- C:\Users\Win7\Desktop\IMSLP63977-PMLP06617-Clementi_Sonatinen_1_Durand_Op_36_filter.pdf
[2013.09.06 20:47:56 | 000,131,289 | ---- | C] () -- C:\Users\Win7\Desktop\bette_midler--the_rose.pdf
[2013.09.03 13:05:54 | 008,408,572 | ---- | C] () -- C:\Users\Win7\Desktop\IMSLP120580-PMLP08821-czerny_599.pdf
[2013.07.14 22:18:07 | 000,000,108 | --S- | C] () -- C:\Users\Win7\Verknüpfung mit Desktop
[2012.03.18 18:03:23 | 000,000,356 | ---- | C] () -- C:\Windows\System32\af15irtbl.bin
[2012.03.17 22:48:46 | 000,000,273 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.03.16 13:52:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.16 13:49:59 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe
[2012.03.16 13:49:59 | 000,018,544 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys
[2012.03.16 13:47:25 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.03.16 13:46:01 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2013.09.25 21:51:07 | 097,858,179 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ዿ띥᭔b
[2013.09.25 21:51:07 | 097,858,179 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\ዿ띥᭔b
[2013.09.19 21:02:53 | 098,395,704 | ---- | M] ()(C:\Windows\System32\???j) -- C:\Windows\System32\훐㫥᭔j
[2013.09.19 21:02:53 | 098,395,704 | ---- | C] ()(C:\Windows\System32\???j) -- C:\Windows\System32\훐㫥᭔j
[2013.09.19 19:02:59 | 098,395,704 | ---- | M] ()(C:\Windows\System32\???f) -- C:\Windows\System32\લ㞌᭔f
[2013.09.19 17:03:01 | 098,395,704 | ---- | C] ()(C:\Windows\System32\???f) -- C:\Windows\System32\લ㞌᭔f
[2013.09.17 22:07:11 | 098,062,984 | ---- | M] ()(C:\Windows\System32\???]) -- C:\Windows\System32\竘迤᭔]
[2013.09.17 12:07:09 | 098,062,984 | ---- | C] ()(C:\Windows\System32\???]) -- C:\Windows\System32\竘迤᭔]
[2013.09.06 15:02:28 | 096,334,488 | ---- | M] ()(C:\Windows\System32\???b) -- C:\Windows\System32\늅᭔b
[2013.09.06 09:02:38 | 096,334,488 | ---- | C] ()(C:\Windows\System32\???b) -- C:\Windows\System32\늅᭔b
[2013.08.21 23:21:03 | 099,750,289 | ---- | M] ()(C:\Windows\System32\???m) -- C:\Windows\System32\਺杛᭔m
[2013.08.21 21:21:01 | 099,750,289 | ---- | C] ()(C:\Windows\System32\???m) -- C:\Windows\System32\਺杛᭔m

< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 29.09.2013 19:02:49 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Win7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 70,06% Memory free
6,49 Gb Paging File | 5,39 Gb Available in Paging File | 83,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,04 Gb Total Space | 198,29 Gb Free Space | 81,25% Space Free | Partition Type: NTFS
Drive D: | 110,81 Gb Total Space | 109,85 Gb Free Space | 99,13% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4262714597-415870921-2499499596-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D3B46DE-37A8-4AF6-B1E2-05667D969758}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E3B3DC5-6E6E-4FBE-8247-B07335723770}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{208FB2E7-4448-421E-85D4-8F589770F830}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4AF9D307-FDBA-4B31-8054-B5E7DC10CB2D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{528AD1C9-E511-4442-82F6-E133E5D1E2CC}" = lport=1900 | protocol=17 | dir=in | name=upnp device discovery (udp 1900) | 
"{5914D253-3456-4A86-8F23-7B7883430539}" = lport=445 | protocol=6 | dir=in | app=system | 
"{749BB079-55F5-4885-9638-E6FAEDF0AB1A}" = lport=2869 | protocol=6 | dir=in | name=upnp device discovery (tcp 2869) | 
"{766C2115-D894-4E94-A71F-169B0C83E36B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7DDA057D-762C-4B0B-A721-AFE059B82D7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{84ACCCDE-92BC-4C43-826D-9F41C0B7DDF9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8784E084-CC3E-45AF-8DBB-42C5D9066102}" = lport=139 | protocol=6 | dir=in | app=system | 
"{87E45CE3-36A5-49A8-B09A-F863967471AB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E2D8052-7FD9-4CD6-986F-13F607FEF2D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{92E01F25-E395-4B53-BC01-8F745803E5CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{980C4167-C7D6-4A47-BF85-135252FBB717}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9D183870-853B-484D-899E-459071D43BC1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A98F7F00-735A-4C70-B9F3-638FE5250F64}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BE72DC35-9C9C-443D-B224-0F1705ABAF76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D495E48E-3FBC-47DB-92C7-983A87DE910D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2BDB7F4-A074-4206-B03B-C72D06666ABC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E4F93746-0F32-4207-AD3B-F65B7D5E3EDF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E5AB46D9-03B9-4713-B786-B57A2CA9CA39}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FD1EE8A8-CCC8-4976-BD8F-57E794B0A72D}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C0939E-12DF-4773-ABF8-4FBFC5EF9763}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{03D06BE2-F1AA-445F-B4F2-80BA8E4DC837}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{082447F9-9635-4F08-8161-0A1412FFFF77}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{2DBA1365-4064-4969-A04A-6B25A62483B6}" = dir=in | app=c:\program files\common files\pctv systems\pvr\videocontrol.exe | 
"{367854AD-889C-4D0B-B94A-ED92AD6326DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{370B44D6-01DB-4D6B-B4C5-F8EBCEA75163}" = dir=in | app=c:\program files\common files\pctv systems\streamingserver\strmserver.exe | 
"{37F6772A-E7CC-49E9-9FAE-950181085ED8}" = dir=out | app=c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{39BAB1D1-D90C-4CE7-A3E7-2277CD636980}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4592DD08-F5AD-46E8-8339-5760E8F3F169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{46EAB5D0-E4EE-423D-B55A-5CF2059C3639}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BFCA426-69C8-4E05-A6E3-448D367B88DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4E8921D0-01EF-440B-A95E-5C122839944E}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{505C82F2-32CE-4D42-9E16-F8D6E1F254D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5F5B1C7A-4870-4BDC-BB4C-A09C57D08D74}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{60332EA6-0884-495A-B053-E837863EBBAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{621CDA28-3DD6-47D7-9BCD-7FC33156DC29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6BA19AD1-ECDC-439F-AFC2-E33A74CFF63B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6E181520-A081-4C09-BCB2-47F97028ADCA}" = dir=in | app=c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe | 
"{7A07728A-B164-44FD-859E-98AE6E32EBA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8D709124-632E-47D5-BF93-A77E48BF5957}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8F8DB323-9780-42FB-8693-2957B8DA3FD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9913A27A-A459-47A3-87CC-D3D3453DA181}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A58F4EF6-7610-471C-9C5E-01B954DD14D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB66CA91-276F-41AE-AC65-F3488073F605}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{DA3EB1A3-CF11-48F4-80E9-DF6FAB44A340}" = dir=in | app=c:\windows\ehome\ehrecvr.exe | 
"{DAAA1A42-2F31-4850-AE45-182736CE902F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DD31C4F2-FF55-4E92-B5C8-A2AE9EEC38F8}" = protocol=6 | dir=out | app=system | 
"{DEFC1490-2E2C-4C5E-9B00-FB7557B3F0CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E0216EA9-2D8A-4F43-9905-367EC79FF88F}" = dir=in | app=c:\program files\pctv systems\tvcenter\tvcenter.exe | 
"{F2107746-3470-4061-B18B-EBE49CB0691A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFA2DA66-3EF2-465A-8BE8-64F8A0431BE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B5F055F-0D34-C0E0-7E34-45789E958BCE}" = CCC Help English
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{16F4BFFB-6A79-7A40-A591-23C63FC4D595}" = Catalyst Control Center Localization All
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D8635E1-46A9-1B10-6151-ED7169AB8C9A}" = GMX SMS-Manager
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23A7D2CE-1A04-41D6-96A9-65D897E86DC2}" = CCC Help Czech
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34E23470-E328-BFCD-B3EF-E6E74E87FEDD}" = AMD VISION Engine Control Center
"{3A1EBEF3-9BDC-FFCD-8144-265FD2FD1D33}" = CCC Help Swedish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42F965F4-EABA-A9E4-C4B6-38C12EC34FBC}" = CCC Help Polish
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E8EDE0A-E97B-2475-BF6B-C8FEEC4F4482}" = CCC Help Thai
"{66E4187B-991A-A4BE-933B-08B3BEBC0EE6}" = CCC Help Chinese Standard
"{6EB3C538-B9B8-F2BB-AEC4-865AC2DF2EE0}" = CCC Help Finnish
"{70F9C054-B713-B704-2E37-7F78439D5FA8}" = CCC Help Turkish
"{716A2D35-F0D5-3BE4-D02A-0C0A2FCDF7BB}" = CCC Help Danish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B6A5017-D634-37FD-B966-89A6463CD1D0}" = AMD Fuel
"{7CEED00F-11AC-9C5C-F500-AF86D4C67E40}" = Catalyst Control Center Profiles Mobile
"{831C848D-F785-F9AF-693B-9BD2C9ED5D0B}" = CCC Help Portuguese
"{8376660A-EA9B-7AC6-B08C-BA0E6BEF7E74}" = AMD Catalyst Install Manager
"{84374801-0EEE-9A50-6F79-17E2057CC6C9}" = CCC Help Korean
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F10F574-9C09-CEE0-DCC9-317DB01190FC}" = Catalyst Control Center InstallProxy
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.6
"{98097DB0-38DE-E2E8-D8F2-97F2816D5D4A}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A3B31093-3C8E-3D69-A4EF-2EA950720590}" = CCC Help Japanese
"{A51F5414-4A2B-45A0-8EF2-B4D29CFBCAE7}" = Deutsche Post E-Porto
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Deutsch
"{AD053B60-BC7C-D749-0D5B-4ADE932AF931}" = CCC Help Hungarian
"{BA63E5E6-1E94-B252-4A6C-38126EDBE304}" = ccc-utility
"{C7132F71-289A-4111-A9A9-1DD28C7B80A7}" = TVCenter
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D3D3A52A-BD2B-BC1E-903F-A47E00F31AF8}" = CCC Help Greek
"{D541F7BE-3CAC-18C6-43B3-CEAEA5887296}" = CCC Help French
"{D93CC12C-4C40-C463-3463-9E025C277D3C}" = CCC Help Italian
"{DBCB47B1-235E-C4A8-C481-DDA01B49C9A7}" = CCC Help Spanish
"{DD899638-B3F5-A6D0-E263-44D5704A080C}" = CCC Help German
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAEA976B-4C36-141F-C7D8-889E0B067CE0}" = CCC Help Chinese Traditional
"{FCF0E04F-B459-61BE-66B5-B7D02112605F}" = CCC Help Dutch
"{FE7989B2-9F10-977F-3ABD-AF441E38AA41}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"avast" = avast! Free Antivirus
"com.unitedinternet.ums.sms-mms-manager" = GMX SMS-Manager
"EPSON BX620FWD Series" = EPSON BX620FWD Series Printer Uninstall
"EPSON BX620FWD Series Manual" = EPSON BX620FWD Series Handbuch
"EPSON BX620FWD Series Network Guide" = EPSON BX620FWD Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"KVB-Erstattungsantrag PC_is1" = KVB-Erstattungsantrag PC 2.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 24.0 (x86 de)" = Mozilla Firefox 24.0 (x86 de)
"Mozilla Thunderbird 17.0.8 (x86 de)" = Mozilla Thunderbird 17.0.8 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Musicnotes Player_is1" = Musicnotes Player V1.32.2 and Viewer V1.19.0
"MyTomTom" = MyTomTom 3.2.0.1116
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Ubuntu One 4.1.91" = Ubuntu One
"VLC media player" = VLC media player 2.0.7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.09.2013 15:16:55 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.09.2013 16:47:35 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 02:48:35 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 05:16:53 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 05:32:30 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.09.2013 15:58:30 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.09.2013 10:07:10 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.09.2013 04:21:56 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.09.2013 07:43:46 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.09.2013 10:55:04 | Computer Name = Win7-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 26.09.2013 16:31:45 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.09.2013 17:01:40 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 03:33:33 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 05:29:56 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 06:52:48 | Computer Name = Win7-PC | Source = bowser | ID = 8003
Description = 
 
Error - 27.09.2013 15:56:57 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.09.2013 17:44:49 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.09.2013 19:06:03 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.09.2013 07:10:09 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.09.2013 09:00:59 | Computer Name = Win7-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
OTL hat nun mit Datei-Alter 30 Tage gescannt. Ich habe als völlig Ahnungsloser allerdings die Vermutung, dass das Problem noch ein Überrest meiner ersten Bereinigung sein, könnte, die schon länger als 30 Tage zurückliegt.

Vielen Dank und Grüße.

Alt 30.09.2013, 08:38   #26
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - Startup: C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2013.09.25 13:56:18 | 000,000,000 | ---D | M]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.09.2013, 12:00   #27
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hai Schrauber,

vielen Dank, der lästige Ordner hat sich ins Nirwana verbröselt:

Code:
ATTFilter
========== OTL ==========
C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 09302013_124938
Kiste sauber? Dann warte ich auf Freigabe um den Spenden-Knopf zu drücken

Alt 30.09.2013, 17:07   #28
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.


Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.09.2013, 19:54   #29
Schgazbarek
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Hallo Schrauber, ich habe alles erledigt.
Du ja wohl auch und dafür danke ich Dir sehr.

Spende -wenn man es denn so nennen will, eigentlich ist es eher eine Anerkennung- ist unterwegs.

Grüße und Tschüß.

Alt 01.10.2013, 16:23   #30
schrauber
/// the machine
/// TB-Ausbilder
 
Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Standard

Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort
Seite 2 von 3 1 2 3

Themen zu Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf
adobe, antivir, avira, browser, converter, email, entfernen, excel, farbar, farbar recovery scan tool, firefox, flash player, frage, home, hängen, hängt, mozilla, netzwerk, ntdll.dll, ntopenkeyex, registry, scan, services.exe, starten, svchost.exe, system, udp, usb, windows


« Fehlermeldung:regedit.exe ist keine zulässige WIN32-Anwendung | Windows XP nach Rootkit und Fremdzugriff noch Infiziert? »


Ähnliche Themen: Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf


  1. PC hängt sich auf, Probleme beim Booten, Avira beeinträchtigt
    Log-Analyse und Auswertung - 19.08.2015 (11)
  2. Avira findet beim Scan 65 Infektionen mit PUA/Linkury.Gen2
    Log-Analyse und Auswertung - 17.06.2015 (24)
  3. Windows 7: Avira lässt sich nach GMER-Scan nicht mehr aktivieren
    Antiviren-, Firewall- und andere Schutzprogramme - 08.03.2015 (4)
  4. Avira findet seit Tagen db29.exe, In Quarantäne verschieben funktioniert nicht, Programm lässt sich nicht löschen
    Log-Analyse und Auswertung - 20.02.2015 (12)
  5. Laptop kommt beim hochfahren nur bis zum Windowssymbol und hängt sich dann auf
    Plagegeister aller Art und deren Bekämpfung - 12.02.2015 (3)
  6. avira findet versteckte objekte, bei neustart und erneutem scan gehen diese nicht weg
    Log-Analyse und Auswertung - 30.06.2014 (6)
  7. Avira findet Schadsoftware "SystemkService.exe", die aber nicht korrekt entfernt wird
    Log-Analyse und Auswertung - 05.06.2014 (7)
  8. Avira reinstall bricht beim Entpacken ab, Sicherheitsdienst läuft nicht, MBAM findet viel
    Log-Analyse und Auswertung - 19.01.2014 (9)
  9. Avira Scan findet Tr/Bublik.B.183
    Plagegeister aller Art und deren Bekämpfung - 18.03.2013 (14)
  10. Avira findet erst JS.Expack.EM und dann Spy.Zbot
    Log-Analyse und Auswertung - 11.03.2013 (24)
  11. Mbam findet PUP.InstallBrain, PC hängt und Incredibar lässt sich nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (10)
  12. GVU-Virus entfernt dann Maleware scan
    Plagegeister aller Art und deren Bekämpfung - 06.10.2012 (1)
  13. USB-Stick kann nicht formatiert werden, alles hängt sich dann auf!
    Netzwerk und Hardware - 12.06.2012 (7)
  14. Kasperky meldet Trojaner, aber beim Scan findet er ihn nicht
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (7)
  15. Avira erst Warnung HTML/Infected.WebPage.Gen2 beim Scan dann mehrere versteckte Objekte gefunden
    Log-Analyse und Auswertung - 23.01.2012 (21)
  16. PC hängt sich mehrfach auf - läuft dann eine Weile problemlos - hängt dann wieder...
    Log-Analyse und Auswertung - 06.12.2009 (1)
  17. Notebook erst langsam, dann hängt er sich auf
    Alles rund um Windows - 06.01.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf - Die freie, wenn Du aber was kaufen willst empfehle ich Emsisoft. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus - Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf...
Archiv
Du betrachtest: Avira findet was, entfernt es nicht und hängt sich dann beim Scan auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55