markus.joerg | 29.08.2012 14:56 | Trojan: Dropper.Generic_c.MMI
Hello everyone, I am brand new to this forum, so I would first like to say hello and thank you in advance for your help.
For a few days now I have had the following problem, as mentioned in the topic:
"C:\Windows\System32\services.exe";"Trojaner: Dropper.Generic_c.MMI"
I have noticed that it has been very resistant to everything I have tried. I have also read a lot about it and seen several English sites where the problem was fixed by manually deleting specific Windows registry entries.
But I have not dared to touch the registry since Windows Vista came out.
And after further research I kept coming across this forum.
All right, now down to the details:
My operating system is Win7, 64-bit version.
Here is the log file from AVG Free:
"Scan ""Bestimmte Dateien/Ordner scannen"" wurde beendet."
"Infektionen";"1";"0";"1"
"Warnungen";"147";"58";"89"
"Für den Scanvorgang ausgewählte Ordner:";"C:\;"
"Start des Scans:";"Mittwoch, 29. August 2012, 15:01:34"
"Scan beendet:";"Mittwoch, 29. August 2012, 15:20:18 (18 Minute(n) 43 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"252069"
"Benutzer, der den Scan gestartet hat:";"eMJay"
"Infektionen"
"Datei";"Infektion";"Ergebnis"
"C:\Windows\System32\services.exe";"Trojaner: Dropper.Generic_c.MMI";"Objekt befindet sich auf der Whitelist (wichtige Systemdatei, die nicht entfernt werden darf)"
"Warnungen"
"Datei";"Infektion";"Ergebnis"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[1].txt:\tradedoubler.com.ef90aa95";"Tracking cookie.Tradedoubler gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[1].txt:\tradedoubler.com.eab0972e";"Tracking cookie.Tradedoubler gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[1].txt:\tradedoubler.com.ba12c0e9";"Tracking cookie.Tradedoubler gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tradedoubler[1].txt";"Tracking cookie.Tradedoubler gefunden";"Geheilt"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt:\atdmt.com.b3e33b5f";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt:\atdmt.com.7247c262";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt";"Tracking cookie.Atdmt gefunden";"Geheilt"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtiger[2].txt:\adtiger.de.7021666f";"Tracking cookie.Adtiger gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtiger[2].txt:\adtiger.de.66a6d9f0";"Tracking cookie.Adtiger gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtiger[2].txt:\adtiger.de.3cbd1331";"Tracking cookie.Adtiger gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtiger[2].txt";"Tracking cookie.Adtiger gefunden";"Geheilt"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt:\adtech.de.b82cc00f";"Tracking cookie.Adtech gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt";"Tracking cookie.Adtech gefunden";"Geheilt"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.ff92306";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.e626e6be";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.d7291c6b";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b68f2b7b";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.b4be891c";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.9ffdf2e7";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.8a47878";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.830b6f08";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt";"Tracking cookie.Yieldmanager gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.f462b69f";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.dd15d628";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.cef1c7af";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.c1dd09f2";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.a5b6a132";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.88317d98";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\zedo.com.27f1639b";"Tracking cookie.Zedo gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\yadro.ru.c77afad5";"Tracking cookie.Yadro gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\weborama.fr.30104bcb";"Tracking cookie.Weborama gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\tradedoubler.com.f4648305";"Tracking cookie.Tradedoubler gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\tradedoubler.com.ef90aa95";"Tracking cookie.Tradedoubler gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\tradedoubler.com.eab0972e";"Tracking cookie.Tradedoubler gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\tradedoubler.com.dc3c9994";"Tracking cookie.Tradedoubler gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\tradedoubler.com.ba12c0e9";"Tracking cookie.Tradedoubler gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\tradedoubler.com.adc507fa";"Tracking cookie.Tradedoubler gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\statse.webtrendslive.com.b4ca7df0";"Tracking cookie.Webtrendslive gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\smartadserver.com.ec9679e4";"Tracking cookie.Smartadserver gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\smartadserver.com.c5827141";"Tracking cookie.Smartadserver gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\smartadserver.com.bf8b766";"Tracking cookie.Smartadserver gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\smartadserver.com.af3b05a6";"Tracking cookie.Smartadserver gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\smartadserver.com.5550c4ed";"Tracking cookie.Smartadserver gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\smartadserver.com.321a5cf8";"Tracking cookie.Smartadserver gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\serving-sys.com.db46cecc";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\serving-sys.com.bb39fa8c";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\serving-sys.com.a222cbcd";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\serving-sys.com.841298c4";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\serving-sys.com.4cd8c2e9";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\serving-sys.com.176b0dad";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ru4.com.83b89ffa";"Tracking cookie.Ru4 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ru4.com.82a499d7";"Tracking cookie.Ru4 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ru4.com.5a5e0633";"Tracking cookie.Ru4 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.dae801b8";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.c1cf4a2d";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.50e13b1b";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.46bdaf68";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.44927ec";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.3983b30a";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.1ecc4d24";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\revsci.net.1d1a4fbf";"Tracking cookie.Revsci gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\realmedia.com.855b46d";"Tracking cookie.Realmedia gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\questionmarket.com.3eb5a9f1";"Tracking cookie.Questionmarket gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\pro-market.net.bbf67f2d";"Tracking cookie.Pro-market gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\pointroll.com.f2d5a6f6";"Tracking cookie.Pointroll gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\pointroll.com.72c0abc9";"Tracking cookie.Pointroll gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\mediaplex.com.f652b123";"Tracking cookie.Mediaplex gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\mediaplex.com.dc30fb3c";"Tracking cookie.Mediaplex gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\mediaplex.com.ab37cbaa";"Tracking cookie.Mediaplex gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\mediaplex.com.323e9a10";"Tracking cookie.Mediaplex gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\liveperson.net.8db0737c";"Tracking cookie.Liveperson gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\liveperson.net.8db0737c";"Tracking cookie.Liveperson gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\liveperson.net.8db0737c";"Tracking cookie.Liveperson gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ivwbox.de.41d82fe2";"Tracking cookie.Ivwbox gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\fastclick.net.8a6435e9";"Tracking cookie.Fastclick gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\casalemedia.com.80ad4799";"Tracking cookie.Casalemedia gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\casalemedia.com.1e1e0e23";"Tracking cookie.Casalemedia gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\bs.serving-sys.com.5bf1f00f";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\bs.serving-sys.com.46763078";"Tracking cookie.Serving-sys gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Tracking cookie.Atdmt gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\atdmt.com.7247c262";"Tracking cookie.Atdmt gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adviva.net.c0476bb7";"Tracking cookie.Adviva gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adviva.net.39ec90c";"Tracking cookie.Adviva gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\advertising.com.525a5fb9";"Tracking cookie.Advertising gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\advertising.com.1dfa2206";"Tracking cookie.Advertising gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adtiger.de.db31947b";"Tracking cookie.Adtiger gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adtiger.de.7021666f";"Tracking cookie.Adtiger gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adtiger.de.66a6d9f0";"Tracking cookie.Adtiger gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adtech.de.a9245469";"Tracking cookie.Adtech gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adbrite.com.d5e309c2";"Tracking cookie.Adbrite gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adbrite.com.cd21573";"Tracking cookie.Adbrite gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adbrite.com.71beeff9";"Tracking cookie.Adbrite gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adbrite.com.557c9f74";"Tracking cookie.Adbrite gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adbrite.com.44f92a69";"Tracking cookie.Adbrite gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\adbrite.com.215df2f3";"Tracking cookie.Adbrite gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.ff92306";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.e626e6be";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.b68f2b7b";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.b4be891c";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.9ffdf2e7";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.8a47878";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.830b6f08";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.557bf2b0";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\ad.yieldmanager.com.539b0606";"Tracking cookie.Yieldmanager gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\71i.de.e61f82a7";"Tracking cookie.71i gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\71i.de.b6b4dd3e";"Tracking cookie.71i gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\2o7.net.f85519c9";"Tracking cookie.2o7 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\2o7.net.87f47d84";"Tracking cookie.2o7 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\2o7.net.834e8c33";"Tracking cookie.2o7 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite:\2o7.net.55e0f57c";"Tracking cookie.2o7 gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\cookies.sqlite";"Tracking cookie.Atdmt gefunden";"Potentiell gefährliches Objekt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\Low\emjay@atdmt[2].txt:\atdmt.com.7247c262";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\Low\emjay@atdmt[2].txt";"Tracking cookie.Atdmt gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@tradedoubler[1].txt:\tradedoubler.com.ef90aa95";"Tracking cookie.Tradedoubler gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@tradedoubler[1].txt:\tradedoubler.com.eab0972e";"Tracking cookie.Tradedoubler gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@tradedoubler[1].txt:\tradedoubler.com.dc3c9994";"Tracking cookie.Tradedoubler gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@tradedoubler[1].txt";"Tracking cookie.Tradedoubler gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@smartadserver[2].txt:\smartadserver.com.c5827141";"Tracking cookie.Smartadserver gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@smartadserver[2].txt:\smartadserver.com.2810c5c0";"Tracking cookie.Smartadserver gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@smartadserver[2].txt";"Tracking cookie.Smartadserver gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@serving-sys[2].txt:\serving-sys.com.db46cecc";"Tracking cookie.Serving-sys gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@serving-sys[2].txt:\serving-sys.com.bb39fa8c";"Tracking cookie.Serving-sys gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@serving-sys[2].txt:\serving-sys.com.a222cbcd";"Tracking cookie.Serving-sys gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@serving-sys[2].txt:\serving-sys.com.841298c4";"Tracking cookie.Serving-sys gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@serving-sys[2].txt:\serving-sys.com.176b0dad";"Tracking cookie.Serving-sys gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@serving-sys[2].txt";"Tracking cookie.Serving-sys gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@mediaplex[2].txt:\mediaplex.com.f652b123";"Tracking cookie.Mediaplex gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@mediaplex[2].txt:\mediaplex.com.dc30fb3c";"Tracking cookie.Mediaplex gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@mediaplex[2].txt";"Tracking cookie.Mediaplex gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ivwbox[2].txt:\ivwbox.de.41d82fe2";"Tracking cookie.Ivwbox gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ivwbox[2].txt";"Tracking cookie.Ivwbox gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@bs.serving-sys[2].txt:\bs.serving-sys.com.5bf1f00f";"Tracking cookie.Serving-sys gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@bs.serving-sys[2].txt";"Tracking cookie.Serving-sys gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@atdmt[1].txt:\atdmt.com.b3e33b5f";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@atdmt[1].txt:\atdmt.com.9e6d7fd3";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@atdmt[1].txt:\atdmt.com.74c5668";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@atdmt[1].txt:\atdmt.com.7247c262";"Tracking cookie.Atdmt gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@atdmt[1].txt";"Tracking cookie.Atdmt gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@adtech[1].txt:\adtech.de.a9245469";"Tracking cookie.Adtech gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@adtech[1].txt";"Tracking cookie.Adtech gefunden";"Geheilt"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ad.yieldmanager[2].txt:\ad.yieldmanager.com.e626e6be";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ad.yieldmanager[2].txt:\ad.yieldmanager.com.b68f2b7b";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Tracking cookie.Yieldmanager gefunden";"In Virenquarantäne verschoben"
"C:\Users\eMJay\AppData\Roaming\Microsoft\Windows\Cookies\emjay@ad.yieldmanager[2].txt";"Tracking cookie.Yieldmanager gefunden";"Geheilt" Defogger ausgeführt und noch nicht wieder Re-Enabled
logfile von OLT HTML-Code:
OTL logfile created on: 29.08.2012 14:35:47 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\eMJay\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 43,16% Memory free
7,99 Gb Paging File | 5,58 Gb Available in Paging File | 69,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 87,74 Gb Free Space | 58,87% Space Free | Partition Type: NTFS
Drive D: | 427,59 Gb Total Space | 83,70 Gb Free Space | 19,57% Space Free | Partition Type: NTFS
Drive E: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive N: | 15,00 Gb Total Space | 14,97 Gb Free Space | 99,79% Space Free | Partition Type: FAT
Computer Name: LUCY | User Name: eMJay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.08.29 14:14:07 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe
PRC - [2012.07.20 10:48:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.21 12:55:52 | 000,989,264 | ---- | M] (1&1 Internet AG) -- C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.27 08:27:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.04.09 18:23:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.24 00:00:29 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.07.02 22:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.06.09 18:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.02.05 19:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.02.04 23:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.12 21:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.05.15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012.07.20 10:48:41 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.16 01:36:43 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.01.19 16:28:27 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\758e0ce53c80a7ad7cf76a4910d27762\System.Management.ni.dll
MOD - [2011.01.18 21:37:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll
MOD - [2011.01.18 21:37:13 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll
MOD - [2011.01.18 21:36:52 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2011.01.18 21:36:42 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2011.01.18 21:36:37 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll
MOD - [2011.01.18 21:36:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll
MOD - [2011.01.18 21:36:13 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2011.01.18 21:36:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2011.01.18 21:36:07 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2011.01.18 21:35:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2011.01.11 01:25:48 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.02 22:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.03.15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.02.24 00:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.02.24 00:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.24 00:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.24 00:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.24 00:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007.05.15 00:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:[b]64bit:[/b] - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:[b]64bit:[/b] - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:[b]64bit:[/b] - [2010.03.30 16:12:23 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009.12.08 01:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV - [2012.07.20 10:48:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.09 18:23:10 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011.03.29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2011.11.21 12:52:50 | 000,199,752 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ui11rdr.SYS -- (ui11rdr)
DRV:[b]64bit:[/b] - [2011.09.13 09:57:09 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:[b]64bit:[/b] - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011.05.06 08:27:09 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:[b]64bit:[/b] - [2011.04.09 18:23:09 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:[b]64bit:[/b] - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:[b]64bit:[/b] - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:[b]64bit:[/b] - [2011.01.24 00:12:59 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:[b]64bit:[/b] - [2011.01.05 21:48:49 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:[b]64bit:[/b] - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:[b]64bit:[/b] - [2010.07.21 07:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:[b]64bit:[/b] - [2010.04.08 10:11:59 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2010.03.30 16:46:01 | 006,657,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2010.03.30 15:23:33 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2010.02.09 12:19:13 | 001,586,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:[b]64bit:[/b] - [2009.12.22 11:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:[b]64bit:[/b] - [2009.10.07 09:13:33 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009.10.07 09:13:33 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:[b]64bit:[/b] - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009.05.05 04:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:[b]64bit:[/b] - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:[b]64bit:[/b] - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=13170&l=dis
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO&o=101917&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=EV&apn_dtid=YYYYYYYYDE&apn_uid=D5F45CB4-FE12-465C-B6F2-F1D18005CBC4&apn_sauid=F295B89A-D9FE-42A5-87F8-79ACEB4DD797
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.7.0190
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\eMJay\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.12.28 01:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.12.28 01:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 01:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2011.12.28 01:28:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 10:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 15:07:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 10:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 15:07:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 01:28:20 | 000,000,000 | ---D | M]
[2011.01.20 09:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMJay\AppData\Roaming\mozilla\Extensions
[2012.08.23 11:11:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions
[2012.08.23 11:11:19 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012.03.15 21:39:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.28 01:29:40 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\eMJay\AppData\Roaming\mozilla\Firefox\Profiles\tbhqbc2g.default\extensions\DTToolbar@toolbarnet.com
[2012.06.11 09:35:19 | 000,002,397 | ---- | M] () -- C:\Users\eMJay\AppData\Roaming\Mozilla\Firefox\Profiles\tbhqbc2g.default\searchplugins\askcom.xml
[2012.07.26 17:59:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.01 22:55:58 | 000,031,289 | ---- | M] () (No name found) -- C:\USERS\EMJAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TBHQBC2G.DEFAULT\EXTENSIONS\AUTOFORMER2@MOZILLA.ORG.XPI
[2012.07.20 10:48:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 15:07:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.12 03:29:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 03:29:51 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 03:29:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 03:29:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 03:29:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 03:29:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\eMJay\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\eMJay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll (IE Toolbar)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:[b]64bit:[/b] - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\eMJay\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:[b]64bit:[/b] - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eMJay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\eMJay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB771FF-0609-4518-B578-B03B8BAEA8D0}: DhcpNameServer = 192.168.178.1
O18:[b]64bit:[/b] - Protocol\Handler\cdo - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{081a25fb-1da9-11e0-8ec4-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{081a25fb-1da9-11e0-8ec4-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{081a2606-1da9-11e0-8ec4-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{081a2606-1da9-11e0-8ec4-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{15b566ce-c75d-11df-8701-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15b566ce-c75d-11df-8701-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O33 - MountPoints2\{5cd02d9e-a1a4-11e0-b1c1-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{5cd02d9e-a1a4-11e0-b1c1-20cf305d6d98}\Shell\AutoRun\command - "" = G:\NPSAI.exe
O33 - MountPoints2\{8f8658c1-261d-11e0-b2c6-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{8f8658c1-261d-11e0-b2c6-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5e3ea90-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3ea90-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{a5e3ea9f-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3ea9f-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5e3eab4-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3eab4-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a5e3eab6-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3eab6-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a5e3ead6-1bfd-11e0-b546-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e3ead6-1bfd-11e0-b546-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bda3a9f4-58b3-11e0-b672-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{bda3a9f4-58b3-11e0-b672-20cf305d6d98}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{c4cf5dac-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5dac-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4cf5db0-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5db0-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4cf5dbd-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5dbd-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c4cf5dc1-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5dc1-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c4cf5df5-18da-11e0-986f-20cf305d6d98}\Shell - "" = AutoRun
O33 - MountPoints2\{c4cf5df5-18da-11e0-986f-20cf305d6d98}\Shell\AutoRun\command - "" = K:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.08.29 14:14:00 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe
[2012.08.26 00:10:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.08.06 11:19:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.01 01:34:07 | 000,000,000 | ---D | C] -- C:\Users\eMJay\Desktop\Musik
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.08.29 14:35:39 | 000,000,168 | ---- | M] () -- C:\Users\eMJay\defogger_reenable
[2012.08.29 14:34:51 | 000,050,477 | ---- | M] () -- C:\Users\eMJay\Desktop\Defogger.exe
[2012.08.29 14:14:07 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\eMJay\Desktop\OTL.exe
[2012.08.29 13:48:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 13:48:39 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.29 13:48:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.29 13:47:17 | 105,215,959 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012.08.29 13:41:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.08.29 13:41:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.29 13:41:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.29 13:41:09 | 3219,505,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.29 00:58:00 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000UA.job
[2012.08.28 12:58:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000Core.job
[2012.08.12 23:18:40 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.12 23:18:40 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.12 23:18:40 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.12 23:18:40 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.12 23:18:40 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.08.29 14:35:39 | 000,000,168 | ---- | C] () -- C:\Users\eMJay\defogger_reenable
[2012.08.29 14:34:50 | 000,050,477 | ---- | C] () -- C:\Users\eMJay\Desktop\Defogger.exe
[2012.08.25 23:39:11 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000064.@
[2012.08.25 23:39:11 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\L\00000004.@
[2012.08.25 23:39:10 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000008.@
[2012.08.25 23:39:09 | 000,093,184 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000032.@
[2012.08.25 23:39:08 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\000000cb.@
[2012.08.25 23:39:06 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\80000000.@
[2012.08.25 23:39:05 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\U\00000004.@
[2011.04.17 10:54:43 | 000,000,000 | ---- | C] () -- C:\Users\eMJay\AppData\Local\prvlcl.dat
[2011.03.15 19:42:18 | 000,007,602 | ---- | C] () -- C:\Users\eMJay\AppData\Local\Resmon.ResmonCfg
[2011.02.06 21:34:09 | 000,185,199 | ---- | C] () -- C:\Windows\hpoins44.dat
[2011.01.30 13:06:41 | 000,007,168 | ---- | C] () -- C:\Users\eMJay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.23 18:07:14 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.01.23 18:07:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.01.12 10:24:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.05 20:42:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.24 00:09:14 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{495cf38c-3328-b699-d4c9-cbf25ee14852}\@
[2010.09.24 00:09:14 | 000,002,048 | -HS- | C] () -- C:\Users\eMJay\AppData\Local\{495cf38c-3328-b699-d4c9-cbf25ee14852}\@
[2010.09.23 23:54:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.23 23:50:51 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.09.23 23:40:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[color=#E56717]========== LOP Check ==========[/color]
[2012.01.18 13:33:31 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\1&1
[2011.12.28 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Asus WebStorage
[2011.01.20 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.24 00:13:57 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\DAEMON Tools Lite
[2012.03.15 21:47:13 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\DVDVideoSoft
[2011.06.24 01:00:06 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\EeeStorageUploader
[2012.03.11 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\GetRightToGo
[2011.05.18 23:51:11 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\InterTrust
[2011.01.22 06:01:06 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Local
[2012.05.20 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\TS3Client
[2012.05.19 10:45:17 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\ts3overlay
[2011.07.21 00:04:13 | 000,000,000 | ---D | M] -- C:\Users\eMJay\AppData\Roaming\Verbindungsassistent
[2012.08.28 12:58:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000Core.job
[2012.08.29 00:58:00 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4038908083-2766418914-3106182248-1000UA.job
[2011.03.15 20:37:55 | 000,024,306 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
< End of report >
The EXTRAS.TXT is attached.
GMER.exe found nothing.
Now I am of course a bit at a loss as to how to proceed.
I hope you now have all the information you will need to help me.
Kind regards,
eMJay