Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast (https://www.trojaner-board.de/133457-sehr-haeufige-warnung-boesartige-webseite-blockiet-avast.html)

chapman 09.04.2013 17:37
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast
 
Hallo zusammen.

Nach langem suchen im Internet habe ich nichts zu meinem Problem gefunden.
Es handelt sich um eine Meldung von avast, die besagt das eine Bedrohung Gefunden wurde:

z.B.
Details
URL: hxxp://vjlvchretllifcsgynuq.com/jaxS67JK...
Prozess: C:\Windows\System32\svchost.exe
Infektion: URL:Mal

nur jedes mal ändert sich die URL. Dabei bin ich gar nicht auf diesen Seiten.
DAS Problem ist das die Meldung bestimmt alle 10/20 Sekunden kommt also sehr häufig.

Bei einem komplettcheck von Avast! wird aber nichts gefunden.
Was soll ich machen damit das aufhört??

Kann mir jemand helfen?

Mein System ist Windows7 professional mit 32bit.

Vielen Dank.


hijack liefert das hier nach dem start:HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:49:38 PM, on 4/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Philipp\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Philips SA19xx Gere-Manager.lnk = C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 10457 bytes
--- --- ---

aharonov 09.04.2013 18:29
Hi,

Zitat:
Kann mir jemand helfen?
Klar, aber mach bitte zuerst noch unten angegebene Diagnosescans. Mit HJT arbeiten wir nicht mehr.


Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button.
  • Bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
  • Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!



Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Show all
  • Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Gmer
  • Logs von OTL

chapman 09.04.2013 19:19
Hallo!
Leider habe ich schon beim 1. Schritt das Problem das keine log datei vom defogger erstellt wird auf meinem Desktop.
Soll ich einfach weiter mit schritt 2 oder wie?

vielen Dank das du mir hilfst!

PS: auf der Gmer Seite lässt sich die exe nicht öffnen: Seitenladefehler

aharonov 09.04.2013 19:43
Hi,

von defogger brauchen wir kein Log, weiter mit Schritt 2.
Wenn du Gmer über den angegebenen Link nicht downloaden kannst, dann versuch es mit diesem.

chapman 09.04.2013 22:10
so hier wär dann schon mal das was gmer ausgespuckt leider als log im anhang weil zu lang die anderen beiden sind hier:

OTL:OTL Logfile:
Code:
OTL logfile created on: 4/9/2013 10:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 51.71% Memory free
4.98 Gb Paging File | 3.66 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.71 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:22:06 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 04:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?rd=1&ucc=BR&dcc=BR&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=05B2989C-9A43-4B0B-A30A-712F2E3FAD70&apn_sauid=862F128D-BB83-4549-9B8A-2797D2990E9B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 20:54:33 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/08 20:54:33 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/29 13:06:44 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/29 13:06:44 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/29 13:06:44 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/29 13:06:44 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/03/29 13:06:44 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/03/29 13:06:44 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/03/29 13:06:44 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/03/29 13:06:44 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/29 13:06:44 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/29 13:06:44 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/29 13:06:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/03/29 13:06:44 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/29 13:06:44 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/29 13:06:44 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/03/29 13:06:44 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/03/29 13:06:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/03/29 13:06:44 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/03/29 13:06:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/03/29 13:06:44 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/03/29 13:06:44 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/29 13:06:44 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/29 13:06:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/03/29 13:06:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/29 13:06:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/03/29 13:06:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/03/29 13:06:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/03/29 13:06:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/29 13:06:44 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/03/29 13:06:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/03/29 13:06:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/29 13:06:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/29 13:06:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/29 13:06:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/03/29 13:06:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/29 13:06:44 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/29 13:06:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/29 13:05:01 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/03/29 13:05:01 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/03/29 13:05:01 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/03/29 13:05:01 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/03/29 13:05:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/03/29 13:05:01 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/03/29 13:05:01 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/03/29 13:05:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/03/29 13:05:01 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/03/29 13:05:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/03/29 13:05:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/03/29 13:05:01 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/03/29 13:05:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/03/29 13:05:01 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/29 13:05:00 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/03/29 13:05:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/03/29 13:05:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/03/20 23:31:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/11 18:22:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013/03/11 18:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/09 22:51:13 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 22:51:13 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 22:50:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 22:43:32 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 22:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/09 22:42:59 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 21:41:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/08 21:41:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/29 13:06:44 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/29 13:06:44 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/29 13:06:44 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/03/29 13:06:44 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/03/29 13:06:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/03/29 13:06:44 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/03/29 13:06:44 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/29 13:06:44 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/29 13:06:44 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/29 13:06:44 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/03/29 13:06:44 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/29 13:06:44 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/29 13:06:44 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/03/29 13:06:44 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/03/29 13:06:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/03/29 13:06:44 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/03/29 13:06:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/03/29 13:06:44 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/03/29 13:06:44 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/29 13:06:44 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/29 13:06:44 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/03/29 13:06:44 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/29 13:06:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/03/29 13:06:44 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/03/29 13:06:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/03/29 13:06:44 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/29 13:06:44 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/03/29 13:06:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/03/29 13:06:44 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/29 13:06:44 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/29 13:06:44 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/29 13:06:44 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/03/29 13:06:44 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/29 13:06:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/29 13:06:44 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/29 13:05:01 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/03/29 13:05:01 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/03/29 13:05:01 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/03/29 13:05:01 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/03/29 13:05:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/03/29 13:05:01 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/03/29 13:05:01 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/03/29 13:05:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/03/29 13:05:01 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/03/29 13:05:01 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/03/29 13:05:01 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/03/29 13:05:01 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/03/29 13:05:01 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/03/29 13:05:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/03/29 13:05:01 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/29 13:05:00 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/03/29 13:05:00 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2013/03/12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB18750$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
--- --- ---


Extras:OTL Logfile:
Code:
OTL Extras logfile created on: 4/9/2013 10:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 51.71% Memory free
4.98 Gb Paging File | 3.66 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.71 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0416-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2007
"{90120000-0017-0416-0000-0000000FF1CE}_OMUI.pt-br_{CE74B6EC-A82B-4246-8E80-C21A1D6915B0}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_OMUI.pt-br_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_OMUI.pt-br_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0416-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Brazil)) 2007
"{90120000-0100-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0416-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Brazil)) 2007
"{90120000-0101-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11364.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B585D829-A7D7-4F93-8249-E55A3DDB8CA5}" = GoGear SA19xx Device Manager
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0B2410-809B-4644-ACF0-6ACBD18B24D7}" = regify client
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"avast" = avast! Internet Security
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio Converter_is1" = Free Audio Converter version 5.0.22.128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Battery Check" = HP Battery Check
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mosaic Creator_is1" = Mosaic Creator 3.1
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.pt-br" = Microsoft Office Language Pack 2007 - Portuguese/Português (Brasil)
"PDF Blender" = PDF Blender
"PRJPRO" = Microsoft Office Project Professional 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/30/2013 11:27:03 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/1/2013 7:47:00 AM | Computer Name = Philipp-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/2/2013 7:44:04 AM | Computer Name = Philipp-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 4/5/2013 3:15:06 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/6/2013 7:26:50 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/6/2013 1:35:54 PM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/6/2013 2:30:41 PM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/7/2013 8:13:25 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 4/9/2013 3:01:12 AM | Computer Name = Philipp-PC | Source = MsiInstaller | ID = 11730
Description =
 
Error - 4/9/2013 4:57:58 AM | Computer Name = Philipp-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 4/9/2013 1:48:47 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via
DNS server 141.70.86.1
 
Error - 4/9/2013 2:17:16 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via
DNS server 141.70.86.1
 
Error - 4/9/2013 2:23:50 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via
DNS server 141.70.86.1
 
Error - 4/9/2013 4:43:09 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
 514 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: Der
angegebene Dienst ist kein installierter Dienst. 
 
Error - 4/9/2013 4:43:09 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
 2283 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED
 
Error - 4/9/2013 4:43:09 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::CHostConfigMgr File: .\HostConfigMgr.cpp Line:
 128 Invoked Function: CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description:
 FILTERCOMMONIMPL_ERROR_UNEXPECTED
 
Error - 4/9/2013 4:43:23 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 4/9/2013 4:44:56 PM | Computer Name = Philipp-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar. 
 
Error - 4/9/2013 4:44:59 PM | Computer Name = Philipp-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1127 NULL object. Cannot establish a connection at this time.
 
Error - 4/9/2013 4:47:07 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via
DNS server 141.70.86.1
 
[ OSession Events ]
Error - 10/3/2012 12:44:27 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7126
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 10/10/2012 4:41:05 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2112
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 10/18/2012 6:36:46 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 948
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 12/10/2012 7:27:17 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 155
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 12/11/2012 2:51:15 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 111
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 2/13/2013 10:48:44 AM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4228
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 4/9/2013 1:50:00 PM | Computer Name = Philipp-PC | Source = Microsoft Antimalware | ID = 2003
Description =
 
Error - 4/9/2013 1:50:48 PM | Computer Name = Philipp-PC | Source = NetBT | ID = 4313
Description = Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen
 zu lesen.
 
Error - 4/9/2013 1:50:48 PM | Computer Name = Philipp-PC | Source = NetBT | ID = 4313
Description = Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen
 zu lesen.
 
Error - 4/9/2013 1:50:49 PM | Computer Name = Philipp-PC | Source = NetBT | ID = 4313
Description = Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen
 zu lesen.
 
Error - 4/9/2013 4:43:05 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist von folgendem Dienst abhängig:
 NetBT. Dieser Dienst ist eventuell nicht installiert.
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 4/9/2013 4:47:02 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist von folgendem Dienst abhängig:
 NetBT. Dieser Dienst ist eventuell nicht installiert.
 
 
< End of report >
--- --- ---

chapman 09.04.2013 22:32
Hallo,

Es war schon lustig als ich nach dem Neustart wieder alles geladen hatte, waren die Warnungen weg. Aber das muss ja nichts heißen oder?
Vielen Dank schonmal zumindest die Symptome sind weg. :P

aharonov 09.04.2013 22:35
Hi,

Zitat:
Aber das muss ja nichts heißen oder?
Überhaupt nichts ist da weg, es läuft ein unschönes Rootkit bei dir!
Mal schauen, ob wir es kleinkriegen.


Schritt 1

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
  • Log von OTL

chapman 09.04.2013 23:59
Hallo,
also der Combo war gut beschäftigt, ich denke da war einiges los bei mir.

Hier die Daten:

Combofix Logfile:
Code:
ComboFix 13-04-09.01 - Philipp 04/10/2013  0:16.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2551.1864 [GMT 2:00]
ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB18750$
c:\windows\$NtUninstallKB18750$\2367512805
c:\windows\$NtUninstallKB18750$\4208964577\@
c:\windows\$NtUninstallKB18750$\4208964577\Desktop.ini
c:\windows\$NtUninstallKB18750$\4208964577\L\00000004.@
c:\windows\$NtUninstallKB18750$\4208964577\L\201d3dde
c:\windows\$NtUninstallKB18750$\4208964577\L\76603ac3
c:\windows\$NtUninstallKB18750$\4208964577\L\xadqgnnk
c:\windows\$NtUninstallKB18750$\4208964577\U\00000004.@
c:\windows\$NtUninstallKB18750$\4208964577\U\00000008.@
c:\windows\$NtUninstallKB18750$\4208964577\U\000000cb.@
c:\windows\$NtUninstallKB18750$\4208964577\U\80000000.@
c:\windows\$NtUninstallKB18750$\4208964577\U\80000032.@
.
c:\windows\system32\drivers\netbt.sys . . . fehlt!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-09 bis 2013-04-09  ))))))))))))))))))))))))))))))
.
.
2013-04-09 17:40 . 2013-04-09 17:40        --------        d-----w-        c:\program files\CCleaner
2013-04-09 17:39 . 2013-04-09 17:40        --------        d-----w-        c:\program files\Google
2013-04-09 07:16 . 2013-03-06 22:33        199384        ----a-w-        c:\windows\system32\drivers\aswNdis2.sys
2013-04-09 07:16 . 2013-03-06 22:33        101656        ----a-w-        c:\windows\system32\drivers\aswFW.sys
2013-04-09 07:16 . 2013-03-06 22:33        21576        ----a-w-        c:\windows\system32\drivers\aswKbd.sys
2013-04-09 07:15 . 2013-03-06 22:11        12112        ----a-w-        c:\windows\system32\drivers\aswNdis.sys
2013-04-09 07:13 . 2013-03-06 22:33        368176        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-04-09 07:13 . 2013-03-06 22:33        29816        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-04-09 07:13 . 2013-03-06 22:33        60656        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-04-09 07:13 . 2013-03-06 22:33        62376        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-04-09 07:13 . 2013-03-06 22:33        765736        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-04-09 07:13 . 2013-03-06 22:33        164736        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-04-09 07:13 . 2013-03-06 22:33        49248        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-04-09 07:13 . 2013-03-06 22:33        66336        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-04-09 07:12 . 2013-03-06 22:32        41664        ----a-w-        c:\windows\avastSS.scr
2013-04-08 21:32 . 2009-07-14 01:16        249856        ----a-w-        c:\windows\system32\uxtheme.dll.backup
2013-04-08 21:32 . 2010-11-20 21:29        2755072        ----a-w-        c:\windows\system32\themeui.dll.backup
2013-04-08 21:32 . 2009-07-14 01:16        37376        ----a-w-        c:\windows\system32\themeservice.dll.backup
2013-04-08 21:05 . 2013-04-08 21:54        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2013-04-08 21:04 . 2013-04-09 20:42        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2
2013-04-08 19:21 . 2013-04-09 07:00        --------        d-----w-        c:\programdata\Avira
2013-04-08 18:54 . 2013-04-08 19:41        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 18:54 . 2013-04-08 19:41        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-04-08 16:52 . 2013-04-08 16:52        --------        d-----w-        c:\users\Philipp\AppData\Roaming\Malwarebytes
2013-04-08 16:52 . 2013-04-08 16:52        --------        d-----w-        c:\programdata\Malwarebytes
2013-04-08 16:51 . 2013-04-08 16:51        --------        d-----w-        c:\users\Philipp\AppData\Local\Programs
2013-04-06 15:55 . 2013-04-06 15:55        --------        d-----w-        c:\program files\Common Files\Skype
2013-04-05 06:36 . 2013-03-15 07:21        7108640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1899F17C-B50F-483A-B751-4C039ABF891A}\mpengine.dll
2013-04-01 11:08 . 2013-04-01 11:08        163088        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10143.bin
2013-03-29 11:05 . 2013-03-29 11:05        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 21:31 . 2013-02-12 03:32        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-03-11 16:22 . 2013-03-11 16:22        --------        d--h--w-        c:\programdata\CanonIJEPPEX
2013-03-11 16:22 . 2013-03-11 16:22        --------        d--h--w-        c:\programdata\CanonIJEGV
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-08 21:32 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2013-04-08 21:32 . 2010-11-20 21:29        2755072        ----a-w-        c:\windows\system32\themeui.dll
2013-04-08 21:32 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2013-03-11 23:10 . 2011-07-18 17:01        237088        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-09 09:44 . 2013-03-09 09:44        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 09:44 . 2012-06-25 11:22        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-03-09 09:44 . 2011-07-18 18:37        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-03-06 23:32 . 2011-07-18 17:21        228600        ----a-w-        c:\windows\system32\aswBoot.exe
2013-02-12 04:48 . 2013-03-13 07:20        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:20        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-27 02:18 . 2013-04-08 18:34        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32        121968        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32        129272        ----a-w-        c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-07-13 5796440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-9-4 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SA19xx Gere-Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2013-2-17 124760]
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2012-11-18 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 6.0.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11        287800        ----a-r-        c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-02-04 15:39        447152        ----a-w-        c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
R3 aswVmm;aswVmm; [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 NETwLv32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-09 17:40        1642448        ----a-w-        c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 17:39]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 17:39]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 141.70.86.1
FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\
FF - ExtSQL: 2013-04-04 12:21; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-04-04 12:21; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2013-04-04 12:21; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-04-09 00:47; langpack-de@firefox.mozilla.org; c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\extensions\langpack-de@firefox.mozilla.org.xpi
FF - ExtSQL: 2013-04-09 00:49; {338e0b96-2285-4424-b4c8-e25560750fa3}; c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
FF - ExtSQL: 2013-04-09 01:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-09 09:13; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
MSConfigStartUp-Nimbuzz - c:\program files\Nimbuzz\Nimbuzz.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-Spotify - c:\users\Philipp\AppData\Roaming\Spotify\Spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3852)
c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-10  00:38:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-09 22:38
.
Vor Suchlauf: 3,692,408,832 Bytes frei
Nach Suchlauf: 2,105,118,720 Bytes frei
.
- - End Of File - - DA8F2D2786BCC4142F6A7D66C201D428
--- --- ---



Und hier OTL:OTL Logfile:
Code:
OTL logfile created on: 4/10/2013 12:46:45 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 52.82% Memory free
3.65 Gb Paging File | 2.41 Gb Available in Paging File | 66.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.50 Gb Free Space | 4.70% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:22:06 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 04:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netbt.sys -- (NetBT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philipp\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=05B2989C-9A43-4B0B-A30A-712F2E3FAD70&apn_sauid=862F128D-BB83-4549-9B8A-2797D2990E9B
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/10 00:33:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/04/10 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\temp
[2013/04/09 23:58:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 23:58:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 23:58:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- \Qoobox
[2013/04/09 23:54:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/09 23:50:30 | 005,050,253 | R--- | C] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 22:52:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/03/11 18:22:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013/03/11 18:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/10 00:50:31 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 00:50:31 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 00:50:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/10 00:43:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 00:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 00:41:53 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 00:33:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 23:50:32 | 005,050,253 | R--- | M] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | M] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:23 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/09 23:58:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:58:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:58:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:58:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:58:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | C] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:19 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/11/22 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Advanced Chemistry Development
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/09/27 15:19:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Avanquest Bluetooth SDK
[2013/04/09 09:12:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2012/05/28 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2011/07/22 13:01:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonEPP
[2012/05/02 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/03/11 18:22:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/03/11 18:22:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX2
[2012/05/02 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJMSetup
[2012/05/03 14:44:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2013/04/05 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2012/05/02 22:57:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2012/05/03 14:45:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenuEX
[2012/05/02 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJWSpt
[2013/03/21 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2011/07/21 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\OriginLab
[2012/08/14 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Panasonic
[2012/03/11 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009/07/14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Anwendungsdaten
[2011/07/18 18:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Contacts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Cookies
[2013/04/09 23:51:29 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Desktop
[2013/04/05 09:47:31 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Documents
[2013/04/09 23:51:29 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Downloads
[2013/04/10 00:44:35 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Dropbox
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Druckumgebung
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Eigene Dateien
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Favorites
[2012/07/21 08:48:56 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Links
[2012/05/03 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Local Settings
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Lokale Einstellungen
[2013/03/26 01:43:19 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Music
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Netzwerkumgebung
[2012/11/20 02:21:11 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Pictures
[2012/03/01 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Podcasts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Recent
[2012/07/21 08:48:54 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Saved Games
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Searches
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\SendTo
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Startmenü
[2011/07/18 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\SystemRequirementsLab
[2013/04/09 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Tracing
[2012/09/25 04:39:07 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Videos
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Vorlagen
[2013/04/10 00:38:51 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/04/09 19:40:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2011/07/21 21:18:56 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011/12/09 00:18:14 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012/03/12 11:13:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2012/03/01 20:45:26 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


Ist es jetzt geschafft?

Gruß

aharonov 10.04.2013 00:11
Hi,

Zitat:
Ist es jetzt geschafft?
Nein, mit diesem ZeroAccess-Rootkit spielst du in der Königsklasse mit, das ist alles andere als harmlos.


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:OTL
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=05B2989C-9A43-4B0B-A30A-712F2E3FAD70&apn_sauid=862F128D-BB83-4549-9B8A-2797D2990E9B

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
  • Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.
Falls Funde angezeigt werden:
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
  • Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.
Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.



Schritt 3
Code:
/md5start
netbt.sys
/md5stop
  • Schliesse bitte nun alle anderen Programme.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAR
  • Log von OTL

chapman 10.04.2013 00:55
hier der erste OTL:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46521DF-FC58-4925-A919-3C9CA2CF646D}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Philipp
->Temp folder emptied: 2422 bytes
->Temporary Internet Files folder emptied: 3560 bytes
->Java cache emptied: 2401769 bytes
->FireFox cache emptied: 6807694 bytes
->Google Chrome cache emptied: 6105213 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116122833 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04102013_011507

Files\Folders moved on Reboot...
C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.09.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Philipp :: PHILIPP-PC [administrator]

4/10/2013 1:40:29 AM
mbar-log-2013-04-10 (01-40-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26698
Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)OTL Logfile:
Code:
OTL logfile created on: 4/10/2013 1:43:50 AM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 58.39% Memory free
4.98 Gb Paging File | 3.82 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.19 Gb Free Space | 2.94% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netbt.sys -- (NetBT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philipp\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/10 00:33:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/10 01:23:26 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022
[2013/04/10 01:15:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 01:15:07 | 000,000,000 | ---D | C] -- \_OTL
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/04/10 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\temp
[2013/04/09 23:58:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 23:58:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 23:58:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- \Qoobox
[2013/04/09 23:54:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/09 23:50:30 | 005,050,253 | R--- | C] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 22:52:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/03/11 18:22:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013/03/11 18:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/10 01:25:19 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 01:25:18 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 01:22:56 | 012,894,739 | ---- | M] () -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022.zip
[2013/04/10 01:18:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 01:16:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 01:16:45 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 00:50:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/10 00:33:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 23:50:32 | 005,050,253 | R--- | M] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | M] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:23 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/10 01:22:38 | 012,894,739 | ---- | C] () -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022.zip
[2013/04/09 23:58:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:58:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:58:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:58:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:58:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | C] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:19 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/11/22 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Advanced Chemistry Development
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/09/27 15:19:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Avanquest Bluetooth SDK
[2013/04/09 09:12:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2012/05/28 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2011/07/22 13:01:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonEPP
[2012/05/02 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/03/11 18:22:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/03/11 18:22:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX2
[2012/05/02 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJMSetup
[2012/05/03 14:44:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2013/04/05 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2012/05/02 22:57:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2012/05/03 14:45:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenuEX
[2012/05/02 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJWSpt
[2013/03/21 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2011/07/21 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\OriginLab
[2012/08/14 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Panasonic
[2012/03/11 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009/07/14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Anwendungsdaten
[2011/07/18 18:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Contacts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Cookies
[2013/04/10 01:23:26 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Desktop
[2013/04/05 09:47:31 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Documents
[2013/04/10 01:23:15 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Downloads
[2013/04/10 01:19:51 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Dropbox
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Druckumgebung
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Eigene Dateien
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Favorites
[2012/07/21 08:48:56 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Links
[2012/05/03 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Local Settings
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Lokale Einstellungen
[2013/03/26 01:43:19 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Music
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Netzwerkumgebung
[2012/11/20 02:21:11 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Pictures
[2012/03/01 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Podcasts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Recent
[2012/07/21 08:48:54 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Saved Games
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Searches
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\SendTo
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Startmenü
[2011/07/18 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\SystemRequirementsLab
[2013/04/09 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Tracing
[2012/09/25 04:39:07 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Videos
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Vorlagen
[2013/04/10 00:38:51 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/04/09 19:40:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2011/07/21 21:18:56 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011/12/09 00:18:14 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012/03/12 11:13:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2012/03/01 20:45:26 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: NETBT.SYS  >
[2010/11/20 23:29:08 | 000,187,904 | ---- | M] () MD5=906784CFE6BD222F4DEF2A052F7EA416 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
 
<          >
[2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >
--- --- ---

Ist der PC jetzt sauber?

Gruß

aharonov 10.04.2013 01:14
Zitat:
Ist der PC jetzt sauber?
Nur Geduld, ich werd es dich schon wissen lassen, wenn es soweit ist.. ;)
In anderen Foren lassen sie konsequent formatieren bei diesem Teil.



Bitte gehe zu Virustotal und lass dort folgendermassen eine Datei überprüfen:
  • Klicke auf Wählen Sie eine.
  • Kopiere dann Folgendes in das Eingabefeld für den Dateinamen
    Code:
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
    und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Solltest du folgende Meldung bekommen:
    Zitat:
    Datei wurde bereits analysiert - Diese Datei wurde bereits von VirusTotal analysiert am ...
    dann klicke auf Neu analysieren.
  • Warte, bis die Analyse beendet ist, und kopiere dann die URL aus deiner Adresszeile und poste sie hier.

chapman 10.04.2013 01:25
Hi,

hier der Link:

https://www.virustotal.com/de/file/b892c46cbf32de2a14f18dd7ceebe1f9d2f05b6e3421950b069334e475cfcd83/analysis/1365553454/

aharonov 10.04.2013 01:44
Ach shit, diese Kopie ist auch hinüber.


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
:files
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Gehe zu Start -> Alle Programme -> Zubehör, mache einen Rechtsklick auf Eingabeaufforderung und wähle "Als Administrator ausführen".
Gib dann folgenden Befehl ein und bestätige mit Enter:
Code:
sfc /scannow
Es sollte nun nach beschädigten und fehlenden Systemdateien gesucht werden.



Schritt 3
Code:
/md5start
netbt.sys
/md5stop
  • Schliesse bitte alle anderen Programme.
  • Klicke nun auf None (deutsch "Nichts") und danach auf den Scan Button.
  • Kopiere danach den Inhalt der OTL.txt hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von OTL

chapman 10.04.2013 02:04
Hallo
hier der OTL:
========== FILES ==========
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04102013_024635

Nachdem dieser Durchlauf gemacht wurde hat sich avast! den Rootkit eingefangen!

Windows Re.schutz hat beschädigte Dateien gefunden und erfolgreich repariert.

2. OTLOTL Logfile:
Code:
OTL logfile created on: 4/10/2013 3:01:58 AM - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 47.89% Memory free
4.98 Gb Paging File | 3.63 Gb Available in Paging File | 72.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.16 Gb Free Space | 2.90% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========

< End of report >
--- --- ---
Cool das ich nicht formatieren musste :)

aharonov 10.04.2013 02:37
Hi,

wir sollten noch eine Kontrolle machen und deine Sicherheitslücken schliessen.


Schritt 1

Downloade dir bitte Malwarebytes Anti-Malware.
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 3

Downloade dir bitte SecurityCheck (Link 1, Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 4

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL

chapman 10.04.2013 20:06
Leider hat sich die seite grad aufgehängt, wahrscheinlich hab ich zu lange gewartet...
Dabei ist mein Post verloren gegangen aber ich habs gefunden:

OTL:OTL Logfile:
Code:
OTL logfile created on: 4/10/2013 8:49:19 PM - Run 5
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 47.04% Memory free
3.69 Gb Paging File | 2.41 Gb Available in Paging File | 65.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.34 Gb Free Space | 4.48% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 465.75 Gb Total Space | 107.92 Gb Free Space | 23.17% Space Free | Partition Type: NTFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philipp\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/10 00:33:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/03/05 18:57:06 | 000,000,120 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/10 17:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/04/10 17:17:02 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Philipp\Desktop\esetsmartinstaller_enu.exe
[2013/04/10 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/10 16:57:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/10 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/10 01:23:26 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022
[2013/04/10 01:15:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 01:15:07 | 000,000,000 | ---D | C] -- \_OTL
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/04/10 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\temp
[2013/04/09 23:58:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 23:58:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 23:58:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- \Qoobox
[2013/04/09 23:54:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/09 23:50:30 | 005,050,253 | R--- | C] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 22:52:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/10 20:50:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/10 19:50:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 17:17:10 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Philipp\Desktop\esetsmartinstaller_enu.exe
[2013/04/10 17:00:05 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 17:00:05 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 16:57:42 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 16:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 16:49:57 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 01:22:56 | 012,894,739 | ---- | M] () -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022.zip
[2013/04/10 00:33:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 23:50:32 | 005,050,253 | R--- | M] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | M] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:23 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/10 16:57:42 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 01:22:38 | 012,894,739 | ---- | C] () -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022.zip
[2013/04/09 23:58:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:58:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:58:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:58:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:58:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | C] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:19 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/11/22 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Advanced Chemistry Development
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/09/27 15:19:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Avanquest Bluetooth SDK
[2013/04/09 09:12:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2012/05/28 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2011/07/22 13:01:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonEPP
[2012/05/02 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/03/11 18:22:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/03/11 18:22:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX2
[2012/05/02 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJMSetup
[2012/05/03 14:44:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2013/04/05 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2012/05/02 22:57:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2012/05/03 14:45:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenuEX
[2012/05/02 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJWSpt
[2013/03/21 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2011/07/21 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\OriginLab
[2012/08/14 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Panasonic
[2012/03/11 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009/07/14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Anwendungsdaten
[2011/07/18 18:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Contacts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Cookies
[2013/04/10 17:17:32 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Desktop
[2013/04/05 09:47:31 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Documents
[2013/04/10 20:44:51 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Downloads
[2013/04/10 16:54:15 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Dropbox
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Druckumgebung
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Eigene Dateien
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Favorites
[2012/07/21 08:48:56 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Links
[2012/05/03 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Local Settings
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Lokale Einstellungen
[2013/03/26 01:43:19 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Music
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Netzwerkumgebung
[2012/11/20 02:21:11 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Pictures
[2012/03/01 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Podcasts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Recent
[2012/07/21 08:48:54 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Saved Games
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Searches
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\SendTo
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Startmenü
[2011/07/18 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\SystemRequirementsLab
[2013/04/09 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Tracing
[2012/09/25 04:39:07 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Videos
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Vorlagen
[2013/04/10 00:38:51 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/04/10 16:57:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2011/07/21 21:18:56 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011/12/09 00:18:14 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012/03/12 11:13:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2012/03/01 20:45:26 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Philipp :: PHILIPP-PC [Administrator]

Schutz: Deaktiviert

4/10/2013 4:59:36 PM
mbam-log-2013-04-10 (16-59-36).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208531
Laufzeit: 15 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)





Eset hat nichts gefunden!!!




Ach ja der Security check:

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0)
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

aharonov 11.04.2013 00:14
Hallo,

das Ding sollte jetzt erlegt sein..
Wir räumen noch auf.


Schritt 1

Lade bitte folgendermassen Dateien zur Analyse hoch:
  • Deaktiviere bitte temporär deinen Virenscanner.
  • Suche folgenden Ordner
    C:\_OTL\MovedFiles
    und packe ihn in ein zip-Archiv (Rechtsklick darauf -> Senden an -> zip-komprimierten Ordner).
  • Gehe nun zum Trojaner-Board Upload-Channel:
    1. Drücke auf Durchsuchen..., wähle das erstellte zip-File aus und klicke Öffnen.
    2. Füge den Link deines Themas im Forum in das entsprechende Feld ein.
    3. Gib deinen Benutzernamen ein.
    4. Drücke auf den Button Hochladen.
  • Du kannst jetzt deinen Virenscanner wieder aktivieren.
    (bebilderte Anleitung)



Schritt 2

Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
  • Deinstalliere bitte deine aktuelle Version von Adobe Reader über
    Start --> Systemsteuerung --> Software (bei Windows XP)
    Start --> Systemsteuerung --> Programme und Funktionen (bei Vista / Windows 7)
  • Besuche diese Seite von Adobe.
  • Entferne gegebenenfalls den Haken bei McAfee Security Scan bzw. Google Chrome.
  • Drücke auf Jetzt herunterladen und installiere die neuste Version.

Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.



Cleanup

Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
  1. Falls zu Beginn defogger verwendet wurde, dann starte defogger und drücke den Button Re-enable.
  2. Falls Combofix eingesetzt wurde, dann deaktiviere jetzt temporär das Antivirenprogramm, benenne bei der auf dem Desktop vorhandenen Combofix.exe das "Combofix" im Dateinamen um in Uninstall und führe sie mit Doppelklick aus.
  3. Bei MBAM würd ich dir unbedingt empfehlen, es zu behalten und wöchentlich einen Quick-Scan durchzuführen. Wenn du es nicht weiter verwenden möchtest, kannst du es jetzt normal über die Systemsteuerung deinstallieren.
  4. Auch den ESET Online Scanner kannst du behalten, um ab und zu (monatlich) für eine Zweitmeinung dein System damit zu scannen. Falls du ESET deinstallieren möchtest, dann kannst du das ebenfalls über die Systemsteuerung tun.
  5. Downloade dir bitte auf jeden Fall DelFix auf deinen Desktop.
    • Schliesse alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • DelFix entfernt u.a. alle von uns verwendeten Programme und löscht sich anschliessend selbst.
  6. Wenn jetzt noch etwas übriggeblieben ist, dann kannst du es einfach manuell löschen.




>> OK <<
Wir sind durch, deine Logs sehen für mich im Moment sauber aus. :daumenhoc

Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst.

Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann.




Epilog: Tipps, Dos & Don'ts

Aktualität von System und Software

Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
  • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
  • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Auch die installierte Software sollte immer in der aktuellsten Version vorliegen.
Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
  • Mit diesem kleinen Plugin-Check kannst du regelmässig diese Komponenten auf deren Aktualität überprüfen.
  • Achte auch darauf, dass alte, nicht mehr verwendete Versionen deinstalliert sind.
  • Optional: Das Programm Secunia Personal Software Inspector kann dich dabei unterstützen, stets die aktuellen Versionen sämtlicher installierter Software zu nutzen.

Sicherheits-Software

Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt).
Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
  • Nutze einen Virenscanner mit Hintergrundwächter mit stets aktueller Datenbank. Welches Produkt gewählt wird, spielt keine so entscheidende Rolle. Es gibt kommerzielle Versionen, aber ein kostenloser Scanner mit den Grundfunktionen wie beispielsweise Avast! Free Antivirus sollte ausreichen. Betreibe aber keinesfalls zwei Wächter parallel, die würden sich gegenseitig behindern.
  • Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.
  • Zusätzlich zum Virenscanner kannst du dein System regelmässig mit einem On-Demand Antimalwareprogramm scannen. Empfehlenswert ist die Free-Version von Malwarebytes Anti-Malware. Vor jedem Scan die Datenbank updaten.
  • Optional: Das Programm Sandboxie führt Anwendungen in einer isolierten Umgebung ("Sandkasten") aus, so dass keine Änderungen am System vorgenommen werden können. Wenn du deinen Browser darin startest, vermindert sich die Chance, dass beim Surfen eingefangene Malware sich dauerhaft im System festsetzen kann.
  • Optional: Das Addon WOT (web of trust) warnt dich vor einer als schädlich gemeldeten Website, bevor sie geladen wird. Für verschiedene Browser erhältlich.

Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt.
Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
  • NoScript verhindert standardmässig das Ausführen von aktiven Inhalten (Java, JavaScript, Flash, ..) für sämtliche Websites. Du kannst selber nach dem Prinzip einer Whitelist festlegen, welchen Seiten du vertrauen und Scripts erlauben willst, auch temporär.
  • Adblock Plus blockt die meisten Werbebanner weg. Solche Banner können nebst ihrer störenden Erscheinung auch als Infektionsherde fungieren.

(Un-)Sicheres Verhalten im Internet

Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.

Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
  • Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher (und ein beliebter) Weg, um Malware zu verbreiten.
  • Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kannst du dir nie sicher sein, ob auch wirklich drin ist, was drauf steht.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe mit Vorsicht und lass dich nicht von irgendwie interessant erscheinenden Elementen zu einem vorschnellen Klick verleiten. Lass dich nicht von Popups täuschen, die aussehen wie System- oder Virenmeldungen.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst du von einem deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant oder skandalös tönt, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und du solltest nicht denselben Fehler machen.
  • Lass die Dateiendungen anzeigen, so dass du dich nicht täuschen lässt, wenn eine ausführbare Datei über ein doppelte Dateiendung kaschiert wird, z.B. Nacktfoto.jpg.exe.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen fürs Programm irrelevanten Ergänzungen.

Allgemeine Hinweise

Abschliessend noch ein paar grundsätzliche Bemerkungen:
  • Dein Benutzerkonto für den alltäglichen Gebrauch sollte nicht über Administratorenrechte verfügen. Nutze ein Konto mit eingeschränkten Rechten (Windows XP) bzw. aktiviere die Benutzerkontensteuerung (UAC) auf der höchsten Stufe (Windows Vista / 7).
  • Erstelle regelmässig Backups deiner Daten und Dokumente auf externen Datenträgern, bei wichtigen Dateien mindestens zweifach. Nicht nur ein Malwarebefall kann schmerzhaften Datenverlust nach sich ziehen sondern auch ein gewöhnlicher Festplattendefekt.
  • Die Autorun/Autoplay-Funktion stellt ein Risiko dar, denn sie ermöglicht es, dass beispielsweise beim Einstecken eines entsprechend infizierten USB-Sticks der Befall auf den Rechner überspringt. Überlege dir, ob du diese Funktion nicht besser deaktivieren möchtest.
  • Wähle deine Passwörter gemäss den gängigen Regeln, um besser gegen Brute-Force- und Wörterbuchattacken gewappnet zu sein. Benutze jedes deiner Passwörter nur einmal und ändere sie regelmässig.
  • Der Nutzen von Registry-Cleanern zur Performancesteigerung ist umstritten. Auf jeden Fall lässt sich damit grosser Schaden anrichten, wenn man nicht weiss, was man tut. Wir empfehlen deshalb, die Finger von der Registry zu lassen. Um von Zeit zu Zeit die temporären Dateien zu löschen, genügt TFC.

Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen.
Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

chapman 11.04.2013 01:08
Vieeelen Dank für die schnelle und kompetente Hilfe! Ich werde das Forum auf jedenfall weiterempfehlen und natürlich die nützlichen Tipps in Zukunft beachten!

Beste Grüße

Chapman

aharonov 11.04.2013 01:14
Danke für die Rückmeldung.


Freut mich, dass wir helfen konnten. :abklatsch:

Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun.

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19