Log Analysis and Evaluation: Antivir blocks mor.exe (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Antivir blocks mor.exe

Hello dear Trojaner-Board, while I was browsing www.kuhnshop.de my Avira scanner blocked the execution of mor.exe:

Gesperrte Anwendung:
Lokale IP: 0.0.0.0
Lokaler Port: 7621
Remote IP: 127.0.0.1
Remote Port: 12460
Aktionscode: Connect
Pfad der Anwendung: C:\Users\JUDITH~1\AppData\Local\Temp\mor.exe

Background: I received a spam email asking me to pay an outstanding invoice of over 5,000 € at Kuhn Versand. I looked up the site via Google and clicked on "Impressum" on the website, and then the block came up. After that I ran a scan with Antivir; the program did find something. Here is the log file:

Code:
Avira Internet Security 2012
Erstellungsdatum der Reportdatei: Sonntag, 2. September 2012 11:11

Es wird nach 4205569 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : ***
Seriennummer : 2212046140-ISECE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHARMIANATHOME

Versionsinformationen:
BUILD.DAT : 12.0.0.1128 48679 Bytes 18.07.2012 18:52:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 31.07.2012 08:38:36
AVSCAN.DLL : 12.3.0.15 66256 Bytes 18.06.2012 21:41:47
LUKE.DLL : 12.3.0.15 68304 Bytes 18.06.2012 21:42:07
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 18.06.2012 21:42:29
AVREG.DLL : 12.3.0.17 232200 Bytes 18.06.2012 21:42:28
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 11:47:38
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:47:48
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 07:20:45
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:10:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:46:58
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:02:04
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 13:02:04
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 13:02:04
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 13:02:04
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 13:02:04
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 13:02:04
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 13:02:04
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 13:02:04
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 13:02:05
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 19:09:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 08:41:29
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 21:34:45
VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 08:39:10
VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 07:02:28
VBASE019.VDF : 7.11.39.89 131072 Bytes 09.08.2012 15:30:03
VBASE020.VDF : 7.11.39.145 142336 Bytes 11.08.2012 19:30:03
VBASE021.VDF : 7.11.39.207 165888 Bytes 14.08.2012 16:06:37
VBASE022.VDF : 7.11.40.9 156160 Bytes 16.08.2012 18:37:57
VBASE023.VDF : 7.11.40.49 133120 Bytes 17.08.2012 20:19:08
VBASE024.VDF : 7.11.40.95 156160 Bytes 20.08.2012 14:34:43
VBASE025.VDF : 7.11.40.155 181760 Bytes 22.08.2012 08:34:58
VBASE026.VDF : 7.11.40.205 203264 Bytes 23.08.2012 13:03:01
VBASE027.VDF : 7.11.41.29 188416 Bytes 27.08.2012 20:18:40
VBASE028.VDF : 7.11.41.87 250368 Bytes 30.08.2012 10:36:12
VBASE029.VDF : 7.11.41.88 2048 Bytes 30.08.2012 10:36:12
VBASE030.VDF : 7.11.41.89 2048 Bytes 30.08.2012 10:36:12
VBASE031.VDF : 7.11.41.134 215040 Bytes 02.09.2012 09:10:03
Engineversion : 8.2.10.150
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 11:17:30
AESCRIPT.DLL : 8.1.4.46 455034 Bytes 24.08.2012 13:03:05
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 08:19:39
AESBX.DLL : 8.2.5.12 606578 Bytes 18.06.2012 10:47:55
AERDL.DLL : 8.1.9.15 639348 Bytes 18.09.2011 11:57:45
AEPACK.DLL : 8.3.0.32 811382 Bytes 24.08.2012 13:03:05
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 14:09:42
AEHEUR.DLL : 8.1.4.94 5230967 Bytes 30.08.2012 10:36:13
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 13:01:45
AEGEN.DLL : 8.1.5.36 434549 Bytes 24.08.2012 13:03:01
AEEXP.DLL : 8.1.0.84 90485 Bytes 30.08.2012 10:36:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 11:17:29
AECORE.DLL : 8.1.27.4 201078 Bytes 07.08.2012 10:39:27
AEBB.DLL : 8.1.1.0 53618 Bytes 05.01.2011 11:47:51
AVWINLL.DLL : 12.3.0.15 27344 Bytes 18.06.2012 21:41:28
AVPREF.DLL : 12.3.0.15 51920 Bytes 18.06.2012 21:41:47
AVREP.DLL : 12.3.0.15 179208 Bytes 18.06.2012 21:42:29
AVARKT.DLL : 12.3.0.15 211408 Bytes 18.06.2012 21:41:36
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 18.06.2012 21:41:38
SQLITE3.DLL : 3.7.0.1 398288 Bytes 18.06.2012 21:42:15
AVSMTP.DLL : 12.3.0.32 63992 Bytes 31.07.2012 08:38:36
NETNT.DLL : 12.3.0.15 17104 Bytes 18.06.2012 21:42:10
RCIMAGE.DLL : 12.3.0.31 4819704 Bytes 31.07.2012 08:38:35
RCTEXT.DLL : 12.3.0.31 100088 Bytes 31.07.2012 08:38:35

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 2. September 2012 11:11

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'EXCEL.EXE' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteTray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Evernote.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_271.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvernoteClipper.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'PfuSsMon.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'CardLauncher.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SsWiaChecker.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleCrashHandler.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '180' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3373' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Temp\jar_cache1333515056142189599.tmp
[0] Archivtyp: ZIP
--> xmltree/armin.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
--> xmltree/opkat.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
C:\Users\***\AppData\Local\Temp\jar_cache3137602177006505005.tmp
[0] Archivtyp: ZIP
--> eel.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CD
--> nit.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.BN.2
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
C:\Users\***\Downloads\avira_internet_security_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.E.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5596cc02.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache3137602177006505005.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.BN.2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d05e3b7.qua' verschoben!
C:\Users\***\AppData\Local\Temp\jar_cache1333515056142189599.tmp
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f5ab95f.qua' verschoben!

Ende des Suchlaufs: Sonntag, 2. September 2012 15:45
Benötigte Zeit: 4:32:29 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

40655 Verzeichnisse wurden überprüft
893035 Dateien wurden geprüft
5 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
3 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
893030 Dateien ohne Befall
15720 Archive wurden durchsucht
1 Warnungen
3 Hinweise
523997 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Code:
OTL logfile created on: 02.09.2012 17:15:53 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\***\Documents\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 48,85% Memory free
6,50 Gb Paging File | 4,70 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1397,17 Gb Total Space | 1139,55 Gb Free Space | 81,56% Space Free | Partition Type: NTFS

Computer Name: CHARMIANATHOME | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.02 14:02:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe
PRC - [2012.08.30 08:54:47 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.08.14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.08.14 10:42:56 | 011,639,136 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\Evernote.exe
PRC - [2012.08.14 10:42:56 | 000,391,520 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteTray.exe
PRC - [2012.07.31 10:38:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.19 19:30:24 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.06.18 23:41:48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.19 13:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\CardMinder\CardLauncher.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.12.01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009.09.30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.30 08:54:47 | 002,242,528 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.31 09:35:18 | 021,007,360 | ---- | M] () -- C:\Programme\Evernote\Evernote\libcef.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.11.23 10:34:28 | 000,344,064 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsConfig.dll
MOD - [2009.10.15 10:02:00 | 000,233,472 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsExtention.dll
MOD - [2008.11.12 16:32:30 | 000,014,848 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\CardPath.dll
MOD - [2008.09.10 14:04:20 | 000,069,632 | ---- | M] () -- C:\Programme\PFU\ScanSnap\CardMinder\0407\CardConfig0407.dll
MOD - [2007.06.26 21:27:18 | 000,167,936 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2003.03.26 19:46:36 | 000,135,168 | ---- | M] () -- C:\Programme\PFU\ScanSnap\Driver\PfuSsImgIO.dll

========== Services (SafeList) ==========

SRV - [2012.08.30 08:54:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.15 10:58:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.18 23:42:13 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.06.18 23:41:48 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.06.18 23:41:44 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.06.18 23:41:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.18 23:41:41 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012.01.25 00:57:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JUDITH~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2012.06.18 23:42:28 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.06.18 23:42:28 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.18 23:42:27 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.06.18 23:42:26 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.06.18 23:42:26 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.06.18 23:42:26 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.22 15:34:44 | 000,579,072 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2009.06.05 03:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2003.04.22 15:47:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 05 6D 1D 22 7A CD 01 [binary data]
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\SearchScopes\{6FDFE877-99EB-47A4-9D1A-F876293661E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.138228
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2011.04.14 12:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.14 09:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.30 08:54:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 07:30:48 | 000,000,000 | ---D | M]

[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.28 10:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions
[2011.07.10 11:49:36 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.02.13 12:58:59 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.17 19:56:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.08 12:32:24 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.23 11:58:17 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.04.26 14:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\nostmp
[2011.12.10 09:07:36 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\plugin@yontoo.com
[2012.08.30 15:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bu1cut1c.default\extensions\trash
[2012.09.01 02:25:13 | 000,002,533 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\searchplugins\diigo--google.xml
[2011.03.08 12:55:45 | 000,002,313 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bu1cut1c.default\searchplugins\downloadhelper-safe-videos.xml
[2011.11.13 10:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.05 10:29:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.01.22 13:41:16 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.04.13 09:25:38 | 002,935,635 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{D9284E50-81FC-11DA-A72B-0800200C9A66}.XPI
[2012.08.25 09:01:35 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.07.12 10:39:49 | 000,223,394 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.08.12 19:23:51 | 000,246,802 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2012.07.02 08:53:52 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BU1CUT1C.DEFAULT\EXTENSIONS\READABLE@EVERNOTE.COM.XPI
[2012.08.30 08:54:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.14 07:33:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 08:54:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.14 07:33:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.14 07:33:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.14 07:33:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.14 07:33:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\11.0.696.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: PalmSource Package Installer (Enabled) = C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin:
Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Dragosien Resourcenindikatoren = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmeegekipmnabmgkbdbenggnmgnbefm\1.0_0\ CHR - Extension: Diigo Bookmark, Archive, Highlight & Sticky-Note = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\1.6.3.5_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk = C:\Programme\Yammer\Yammer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3099018591-4240011507-2240214865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ABE0942-33AB-42F7-BEA4-3076B88ABFB9}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell - "" = AutoRun O33 - MountPoints2\{6c56a7de-390a-11e1-9208-4061869a0bfa}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.02 15:52:42 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe [2012.08.15 14:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2012.08.06 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\phenomedia 
[2012.08.06 17:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moorhuhn Remake [2010.06.26 16:16:40 | 016,527,250 | ---- | C] (Palm, Inc.) -- C:\Program Files\PalmDesktop41SP03DEU.exe ========== Files - Modified Within 30 Days ========== [2012.09.02 17:04:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000UA.job [2012.09.02 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.02 16:35:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.02 16:04:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3099018591-4240011507-2240214865-1000Core.job [2012.09.02 15:55:36 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.09.02 14:02:23 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\***\Documents\Desktop\OTL.exe [2012.09.02 13:36:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.02 09:51:39 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 09:51:39 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.02 09:43:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.02 09:43:36 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2012.08.31 07:55:28 | 000,000,929 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yammer.lnk [2012.08.26 10:37:59 | 001,755,986 | ---- | M] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf [2012.08.22 13:16:55 | 000,627,715 | ---- | M] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf [2012.08.16 12:54:54 | 002,163,010 | ---- | M] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf 
[2012.08.16 12:54:08 | 000,471,310 | ---- | M] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf [2012.08.16 12:53:38 | 000,668,499 | ---- | M] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf [2012.08.16 12:51:32 | 000,052,433 | ---- | M] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 81_Grundbuch.pdf [2012.08.16 07:27:56 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.13 21:30:27 | 000,022,873 | ---- | M] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF [2012.08.07 12:01:04 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.07 12:01:04 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.07 12:01:04 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.07 12:01:04 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.06 17:11:08 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk ========== Files Created - No Company Name ========== [2012.09.02 15:55:36 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.08.26 10:33:09 | 001,755,986 | ---- | C] () -- C:\Users\***\Documents\Desktop\Anlagen 1-19.pdf [2012.08.22 13:16:54 | 000,627,715 | ---- | C] () -- C:\Users\***\Documents\Desktop\Inhaltsverzeichnis Antrag VHS Dahme Spreewald.pdf [2012.08.16 12:44:59 | 000,471,310 | ---- | C] () -- C:\Users\***\Documents\Desktop\Exposé (Objekt-Nr J9400).pdf [2012.08.16 12:44:29 | 000,052,433 | ---- | C] () -- C:\Users\***\Documents\Desktop\Grüntaler Str. 
81_Grundbuch.pdf [2012.08.16 12:44:02 | 002,163,010 | ---- | C] () -- C:\Users\***\Documents\Desktop\Kosten & Aufteilung.pdf [2012.08.16 12:43:38 | 000,668,499 | ---- | C] () -- C:\Users\***\Documents\Desktop\Teilungserklärung.pdf [2012.08.13 21:30:27 | 000,022,873 | ---- | C] () -- C:\Users\***\Documents\Desktop\Unbenannt.GIF [2012.08.06 17:11:04 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\Moorhuhn Remake starten.lnk [2012.01.24 23:25:05 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011.04.26 13:49:52 | 000,000,807 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.02.11 12:55:07 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI [2010.12.20 18:21:09 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.09.05 10:33:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.10 11:45:54 | 000,002,264 | ---- | C] () -- C:\Users\***\.powerupdate.user.properties [2010.08.05 15:30:52 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.02.17 00:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2010.08.18 13:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2011.05.22 19:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CmapTools [2010.06.27 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dba2csv [2012.09.02 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2011.02.13 13:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.02.13 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.19 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Elluminate [2012.01.25 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fujitsu [2010.08.27 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2011.03.20 13:25:09 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.06.27 14:07:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HotSync [2010.09.19 14:06:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\inkscape [2012.02.06 17:11:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2012.07.24 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2010.12.20 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2011.04.13 18:05:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindomoDesktop [2011.04.30 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1 [2010.06.27 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\palm2google [2012.06.30 11:20:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PFU [2010.06.28 10:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.01.21 14:08:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2010.12.03 00:19:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WEB.DE [2010.08.25 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wimpomat2 [2011.01.08 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft [2011.03.10 16:49:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yammer [2011.10.14 11:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yoono [2012.06.03 12:31:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.09.2012 15:57:53 - Run 1 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\xxx\Documents\Canon\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 66,08% Memory free 6,50 Gb Paging File | 5,17 Gb Available in Paging File | 79,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1397,17 Gb Total Space | 1139,56 Gb Free Space | 81,56% Space Free | Partition Type: NTFS Computer Name: CHARMIANATHOME | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{25B67894-2B5A-4B99-9279-3F758C110F99}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3B0400AE-4D10-4779-BAD2-0F9837D0DB2A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49108FD2-058C-4787-96F2-D1A9A735655A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{602D20F8-FA9A-46BD-9F3E-70005D271A3A}" = rport=138 | protocol=17 | dir=out | app=system | "{639C176E-091D-4C71-BE65-8D345D774EB0}" = lport=137 | protocol=17 | dir=in | app=system | "{66A1ECB7-1460-452E-A6D4-4BD43E6B9016}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6D8F2C53-237B-458D-9EE9-B39A1FBE54B2}" = 
lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6F9D3FE3-0BF0-4269-9B97-8650E43EA656}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{709EE42E-92B8-463B-81EF-C963F715F664}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7B5AD23B-3DF0-4D32-9BE1-795FF3CDE24A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{87A985EA-1461-4838-8D37-CDEE81F34CBC}" = lport=2869 | protocol=6 | dir=in | app=system | "{9900E08E-9A8F-4147-9D0D-1279E307FEFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A76940BE-358A-4434-8EA6-B212FB2C793F}" = lport=139 | protocol=6 | dir=in | app=system | "{B1AEA28E-AFDD-4BCF-B250-D21AB059739A}" = rport=445 | protocol=6 | dir=out | app=system | "{B4FFB84E-3FA3-472D-89A8-0AF843DDD934}" = rport=10243 | protocol=6 | dir=out | app=system | "{BE048F70-4845-48CC-9F12-0C0CB29C22B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CBDA0035-4950-4776-91A8-DF441957ED37}" = rport=139 | protocol=6 | dir=out | app=system | "{D01B383F-DF89-4690-B6D8-E0AFA8D27EB4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D10F5169-9E25-4CDE-A195-A444F74E70A2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D312C754-C405-4457-AD1E-22608F1B190F}" = lport=10243 | protocol=6 | dir=in | app=system | "{D3E100CB-2CED-44AD-865C-F88CCA6374D6}" = rport=137 | protocol=17 | dir=out | app=system | "{E03CD8B9-A17C-40EA-A164-A966E63022BF}" = lport=445 | protocol=6 | dir=in | app=system | "{EF573063-0330-4AA3-AF89-5A49D0E023A3}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05A9ECE2-15C1-48C5-85BE-620336DD56A2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0B8FE1A7-2510-46EF-9317-57EE9D4D56DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{109D230B-F242-4367-A5C2-F39DBF64C1D9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{19758405-2B1D-4E52-AF47-EE3597A257A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1D04B79A-067F-42A7-8593-0F93898727EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2A53F95E-46F6-436A-ACE8-F41ABAAFB520}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{369BC984-B2ED-4411-9404-08277BBB2405}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{470BABAD-FD1C-4962-9CAD-970526772999}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{483684CB-E2F8-485F-B1ED-90885CE84618}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{69F925F3-378E-4974-B37E-D57C5D1D6583}" = protocol=6 | dir=out | app=system | "{6C06E710-2C5D-4C19-A9D6-7A99D722D196}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FEAD8CE-A37E-43B8-B0C2-54E6581217E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{9050A77C-724B-48C0-822A-AF8E0CF088BA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{98C24B25-BB6D-4EB1-93AD-808183A41755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A837037B-3EC6-4CB3-AE06-42CBE3EC0FE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B6013B50-751E-45E9-B3A9-355307A0A162}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B9AB03BD-5D48-4887-B708-00F15240EE0E}" = protocol=17 | dir=in | 
app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{C859F6A5-7C10-4BFC-B30D-1BF1DF417B43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF698427-FA65-40AC-901C-971C7D7ED87E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{E19A95B3-63DC-445A-ADEB-487A77ECEEA0}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{E3925394-2FEC-49E8-B111-2D71BAEB6C55}" = dir=in | app=c:\program files\itunes\itunes.exe | "{E40413D9-EB16-48A1-8F7D-297AFF006D69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EBE0392C-E82B-47AF-A79A-95CFF7A396F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F02FEB17-36E6-4F4D-989F-00BC65A53BE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F9FCC044-B571-4818-B2D7-7A38D8239BF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "TCP Query User{078500FA-82F7-4E47-B8A0-7CCB6A8C6CC3}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{2402836B-5610-402E-BB83-BCEB1861F0E8}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "TCP Query User{6914A0D7-EE07-416A-A947-89B4358AC32E}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | "TCP Query User{A597A3E7-C023-4E68-B96B-719D59278D4A}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{1704B021-0D97-48C1-8117-E98C7C8D01BE}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{2B95394F-DB36-48CD-B104-494370777A77}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | 
app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{4CAD67F1-A22E-43CA-824E-F1C7834324A4}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe | "UDP Query User{7D746085-27C6-4044-AFAA-1AF42BB476EA}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}" = ScanSnap "{2E4125CE-DDCF-8CF6-5A4E-88735CF284F9}" = Gapminder Desktop "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{33288D2D-FDA1-449C-B226-7ABBBA342EEA}" = Dba2Csv "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake "{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility "{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}" = ScanSnap Organizer "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module 
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{6F51CDE0-1391-878A-C593-BD340AD9D0DE}" = TweetDeck "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7FF95752-5AD1-4C4A-9785-FAB80E499BB2}_is1" = Wimpomat 2.9 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese "{8DCD0779-8811-4060-9227-871E2FD48E45}" = CardMinder V4.1 "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish "{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian "{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch "{A81EB5BC-F764-308A-B979-0F8F078DAB29}" = Yammer "{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All "{B20F9D1C-A0A5-4cd8-8306-DE95842311B1}" = REALTEK Wireless LAN Driver "{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation "{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English "{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian "{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish "{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder "{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New "{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista "{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager "{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 
4.5.8 "{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer "{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish "{FB400000-0002-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 4.1 "{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.11.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Internet Security 2012 "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "Finanzplan in Excel Version 3.2.02" = Finanzplan in Excel Version 3.2.02 "FormatFactory" = FormatFactory 2.60 "Free Studio_is1" = Free Studio version 5.0.4 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02 "Inkscape" = Inkscape 0.47 "IrfanView" = IrfanView (remove only) "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.19 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla 
Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "org.gapminder.desktop.434684C0EEE0B6011903D7CB9F42374B4E5823E7.1" = Gapminder Desktop "Totalcmd" = Total Commander (Remove or Repair) "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "Uninstall_is1" = Uninstall 1.0.0.1 "WEB.DE Club SmartFax" = WEB.DE Club SmartFax "WinGimp-2.0_is1" = GIMP 2.6.11 "Xilisoft iPad Magic" = Xilisoft iPad Magic "Yammer" = Yammer "Yoono Desktop_is1" = Yoono Desktop 1.8.16 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9033 Error - 12.12.2011 10:12:55 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9033 Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10031 Error - 12.12.2011 10:12:56 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10031 Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 12.12.2011 10:12:57 | Computer Name = 
charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11029 Error - 12.12.2011 10:12:57 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11029 Error - 12.12.2011 10:12:58 | Computer Name = charmianathome | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ OSession Events ] Error - 08.10.2011 09:08:51 | Computer Name = charmianathome | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 09.07.2012 15:37:28 | Computer Name = charmianathome | Source = BROWSER | ID = 8032 Description = Error - 13.07.2012 03:58:37 | Computer Name = charmianathome | Source = DCOM | ID = 10010 Description = Error - 14.07.2012 03:46:18 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error - 16.07.2012 18:23:23 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7043 Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 05.08.2012 14:38:59 | Computer Name = charmianathome | Source = Service Control Manager | ID = 7034 Description = Dienst "Google Update Service (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 05.08.2012 14:39:29 | Computer Name = charmianathome | Source = DCOM | ID = 10010 Description = Error - 07.08.2012 05:59:48 | Computer Name = charmianathome | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 09.08.2012 03:58:52 | Computer Name = charmianathome | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 13.08.2012 17:45:28 | Computer Name = charmianathome | Source = Microsoft-Windows-Eventlog | ID = 23 Description = Der Ereignisprotokollierungsdienst hat einen Fehler (Auflösung=32) beim Initialisieren der Protokollierung der Ressourcen für Kanal "Microsoft-Windows-LanguagePackSetup/Operational" erkannt. Error - 31.08.2012 03:10:01 | Computer Name = charmianathome | Source = DCOM | ID = 10010 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-09-03 08:43:20 Windows 6.1.7601 Service Pack 1 Running: t3x65s7e.exe; Driver: C:\Users\JUDITH~1\AppData\Local\Temp\kwlcqpob.sys ---- System - GMER 1.0.15 ---- SSDT 91C884F6 ZwCreateSection SSDT 91C884CE ZwCreateSymbolicLinkObject SSDT 91C884D3 ZwLoadDriver SSDT 91C884C9 ZwOpenSection SSDT 91C88500 ZwRequestWaitReplyPort SSDT 91C884FB ZwSetContextThread SSDT 91C88505 ZwSetSecurityObject SSDT 91C884D8 ZwSetSystemInformation SSDT 91C8850A ZwSystemDebugControl SSDT 91C88497 ZwTerminateProcess SSDT 91C88492 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E453C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E7ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E85EAC 4 Bytes [F6, 84, C8, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82E85EB4 4 Bytes [CE, 84, C8, 91] {INTO ; TEST AL, CL; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82E85FC8 4 Bytes [D3, 84, C8, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82E86064 4 Bytes [C9, 84, C8, 91] {LEAVE ; TEST AL, CL; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E86208 4 Bytes [00, 85, C8, 91] .text ... 
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x9223B000, 0x2D293E, 0xE8000020]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011f607f0a8
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011f607f0a8 (not active ControlSet)
---- EOF - GMER 1.0.15 ----

I would be very glad if someone could help me. Many thanks in advance and kind regards, Judith