Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 09.04.2013, 17:37   #1
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hallo zusammen.

Nach langem suchen im Internet habe ich nichts zu meinem Problem gefunden.
Es handelt sich um eine Meldung von avast, die besagt das eine Bedrohung Gefunden wurde:

z.B.
Details
URL: hxxp://vjlvchretllifcsgynuq.com/jaxS67JK...
Prozess: C:\Windows\System32\svchost.exe
Infektion: URL:Mal

nur jedes mal ändert sich die URL. Dabei bin ich gar nicht auf diesen Seiten.
DAS Problem ist das die Meldung bestimmt alle 10/20 Sekunden kommt also sehr häufig.

Bei einem komplettcheck von Avast! wird aber nichts gefunden.
Was soll ich machen damit das aufhört??

Kann mir jemand helfen?

Mein System ist Windows7 professional mit 32bit.

Vielen Dank.


hijack liefert das hier nach dem start:HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:49:38 PM, on 4/9/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Program Files\AVAST Software\Avast\sfzone\SafeZoneBrowser.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Philipp\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Philips SA19xx Gere-Manager.lnk = C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

--
End of file - 10457 bytes
         
--- --- ---

Geändert von chapman (09.04.2013 um 17:51 Uhr)

Alt 09.04.2013, 18:29   #2
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hi,

Zitat:
Kann mir jemand helfen?
Klar, aber mach bitte zuerst noch unten angegebene Diagnosescans. Mit HJT arbeiten wir nicht mehr.


Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
  • Starte das Tool mit Doppelklick.
  • Klicke nun auf den Disable Button.
  • Bestätige diese Sicherheitsabfrage mit Ja.
  • Wenn der Scan beendet wurde (Finished), klicke auf OK.
  • Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
  • Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
  • Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.
Klicke den Re-enable Button nicht ohne Anweisung!



Schritt 2

Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
  • Deaktiviere alle Antivirenprogramme und Malware/Spyware Scanner.
  • Trenne alle bestehenden Verbindungen zu einem Netzwerk/Internet (WLAN nicht vergessen).
  • Schliesse bitte alle anderen Programme.
  • Starte gmer.exe (die Datei hat einen zufälligen Dateinamen).
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Sollte sich ein Fenster mit folgender Warnung öffnen
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    dann klicke unbedingt auf No.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Show all
  • Setze rechts den Haken bei deiner Systempartition (normalerweise C:\).
  • Starte den Scan mit einem Klick auf Scan.
  • Mache gar nichts am Computer, während der Scan läuft!
  • Wenn der Scan fertig ist, klicke auf Save und speichere das Logfile unter Gmer.txt auf deinen Desktop.
  • Schliesse dann GMER und führe unmittelbar einen Neustart des Computers durch.
  • Füge bitte den Inhalt des Logfiles hier in deine Thread ein.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor du ins Netz gehst.



Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
  • Doppelklick auf die OTL.exe.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Setze den Haken bei Scan all Users.
  • Klicke nun auf Run Scan.
  • Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
  • Poste den Inhalt dieser Logfiles hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Gmer
  • Logs von OTL
__________________

__________________

Alt 09.04.2013, 19:19   #3
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hallo!
Leider habe ich schon beim 1. Schritt das Problem das keine log datei vom defogger erstellt wird auf meinem Desktop.
Soll ich einfach weiter mit schritt 2 oder wie?

vielen Dank das du mir hilfst!

PS: auf der GMER Seite lässt sich die exe nicht öffnen: Seitenladefehler
__________________

Alt 09.04.2013, 19:43   #4
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hi,

von defogger brauchen wir kein Log, weiter mit Schritt 2.
Wenn du Gmer über den angegebenen Link nicht downloaden kannst, dann versuch es mit diesem.
__________________
cheers,
Leo

Alt 09.04.2013, 22:10   #5
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



so hier wär dann schon mal das was GMER ausgespuckt leider als log im anhang weil zu lang die anderen beiden sind hier:

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/9/2013 10:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 51.71% Memory free
4.98 Gb Paging File | 3.66 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.71 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Downloads\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:22:06 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 04:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?rd=1&ucc=BR&dcc=BR&opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=05B2989C-9A43-4B0B-A30A-712F2E3FAD70&apn_sauid=862F128D-BB83-4549-9B8A-2797D2990E9B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 20:54:33 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/08 20:54:33 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/29 13:06:44 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/29 13:06:44 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/29 13:06:44 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/29 13:06:44 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/03/29 13:06:44 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/03/29 13:06:44 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/03/29 13:06:44 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/03/29 13:06:44 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/29 13:06:44 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/29 13:06:44 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/29 13:06:44 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/03/29 13:06:44 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/29 13:06:44 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/29 13:06:44 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/03/29 13:06:44 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/03/29 13:06:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/03/29 13:06:44 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/03/29 13:06:44 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/03/29 13:06:44 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/03/29 13:06:44 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/29 13:06:44 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/29 13:06:44 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/03/29 13:06:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/29 13:06:44 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/03/29 13:06:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/03/29 13:06:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/03/29 13:06:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/29 13:06:44 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/03/29 13:06:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/03/29 13:06:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/29 13:06:44 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/29 13:06:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/29 13:06:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/03/29 13:06:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/29 13:06:44 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/29 13:06:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/29 13:05:01 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/03/29 13:05:01 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/03/29 13:05:01 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/03/29 13:05:01 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/03/29 13:05:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/03/29 13:05:01 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/03/29 13:05:01 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/03/29 13:05:01 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/03/29 13:05:01 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/03/29 13:05:01 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/03/29 13:05:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/03/29 13:05:01 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/03/29 13:05:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/03/29 13:05:01 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/29 13:05:00 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/03/29 13:05:00 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/03/29 13:05:00 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/03/20 23:31:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/11 18:22:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013/03/11 18:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/09 22:51:13 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 22:51:13 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/09 22:50:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 22:43:32 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 22:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/09 22:42:59 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 21:41:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/04/08 21:41:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/29 13:06:44 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/29 13:06:44 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/29 13:06:44 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/03/29 13:06:44 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/03/29 13:06:44 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/03/29 13:06:44 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/03/29 13:06:44 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/29 13:06:44 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/29 13:06:44 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/03/29 13:06:44 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/03/29 13:06:44 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/03/29 13:06:44 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/29 13:06:44 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/03/29 13:06:44 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/03/29 13:06:44 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/03/29 13:06:44 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/03/29 13:06:44 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/03/29 13:06:44 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/03/29 13:06:44 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/29 13:06:44 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/03/29 13:06:44 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/03/29 13:06:44 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/03/29 13:06:44 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/03/29 13:06:44 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/03/29 13:06:44 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/03/29 13:06:44 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/03/29 13:06:44 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/03/29 13:06:44 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/03/29 13:06:44 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/03/29 13:06:44 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/03/29 13:06:44 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/29 13:06:44 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/03/29 13:06:44 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/29 13:06:44 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/03/29 13:06:44 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/03/29 13:05:01 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/03/29 13:05:01 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/03/29 13:05:01 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/03/29 13:05:01 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/03/29 13:05:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/03/29 13:05:01 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/03/29 13:05:01 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/03/29 13:05:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/03/29 13:05:01 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/03/29 13:05:01 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/03/29 13:05:01 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/03/29 13:05:01 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/03/29 13:05:01 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/03/29 13:05:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/03/29 13:05:01 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/29 13:05:01 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/29 13:05:01 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/29 13:05:01 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/29 13:05:00 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/03/29 13:05:00 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2013/03/12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB18750$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
         
--- --- ---


Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/9/2013 10:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 51.71% Memory free
4.98 Gb Paging File | 3.66 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.71 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0017-0416-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2007
"{90120000-0017-0416-0000-0000000FF1CE}_OMUI.pt-br_{CE74B6EC-A82B-4246-8E80-C21A1D6915B0}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_OMUI.pt-br_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_OMUI.pt-br_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{C8D442F2-CF33-486E-8079-A704A2E80A39}" = Microsoft Office Project 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0416-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Brazil)) 2007
"{90120000-0100-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0416-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Brazil)) 2007
"{90120000-0101-0416-0000-0000000FF1CE}_OMUI.pt-br_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11364.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC589470-884E-4E15-96D8-437780F8185D}" = Super LoiLoScope WebShortcut
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B585D829-A7D7-4F93-8249-E55A3DDB8CA5}" = GoGear SA19xx Device Manager
"{B62A8A6F-5E48-4336-BF13-1632D5921872}" = PHOTOfunSTUDIO 6.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0B2410-809B-4644-ACF0-6ACBD18B24D7}" = regify client
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}" = Adobe Photoshop Lightroom 4.2
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"ACDLabs in C__Program_Files_ACDFREE12_" = ACD/Labs Software in C:\Program Files\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"avast" = avast! Internet Security
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio Converter_is1" = Free Audio Converter version 5.0.22.128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Battery Check" = HP Battery Check
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mosaic Creator_is1" = Mosaic Creator 3.1
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.pt-br" = Microsoft Office Language Pack 2007 - Portuguese/Português (Brasil)
"PDF Blender" = PDF Blender
"PRJPRO" = Microsoft Office Project Professional 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/30/2013 11:27:03 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 4/1/2013 7:47:00 AM | Computer Name = Philipp-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 4/2/2013 7:44:04 AM | Computer Name = Philipp-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 4/5/2013 3:15:06 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 4/6/2013 7:26:50 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 4/6/2013 1:35:54 PM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 4/6/2013 2:30:41 PM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 4/7/2013 8:13:25 AM | Computer Name = Philipp-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 4/9/2013 3:01:12 AM | Computer Name = Philipp-PC | Source = MsiInstaller | ID = 11730
Description = 
 
Error - 4/9/2013 4:57:58 AM | Computer Name = Philipp-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 4/9/2013 1:48:47 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via 
DNS server 141.70.86.1
 
Error - 4/9/2013 2:17:16 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via 
DNS server 141.70.86.1
 
Error - 4/9/2013 2:23:50 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via 
DNS server 141.70.86.1
 
Error - 4/9/2013 4:43:09 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::ensureBFEServiceStarted File: .\FilterVistaImpl.cpp
Line:
 514 Invoked Function: OpenService Return Code: 1060 (0x00000424) Description: Der 
angegebene Dienst ist kein installierter Dienst.   
 
Error - 4/9/2013 4:43:09 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CFilterVistaImpl::Register File: .\FilterVistaImpl.cpp Line:
 2283 Invoked Function: CFilterVistaImpl::ensureBFEServiceStarted Return Code: -33423351
 (0xFE020009) Description: FILTERCOMMONIMPL_ERROR_UNEXPECTED 
 
Error - 4/9/2013 4:43:09 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CHostConfigMgr::CHostConfigMgr File: .\HostConfigMgr.cpp Line:
 128 Invoked Function: CFilterMgr::Register Return Code: -33423351 (0xFE020009) Description:
 FILTERCOMMONIMPL_ERROR_UNEXPECTED 
 
Error - 4/9/2013 4:43:23 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 4/9/2013 4:44:56 PM | Computer Name = Philipp-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 4/9/2013 4:44:59 PM | Computer Name = Philipp-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1127 NULL object. Cannot establish a connection at this time.
 
Error - 4/9/2013 4:47:07 PM | Computer Name = Philipp-PC | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
 1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
 DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 162.62.197.193.in-addr.arpa via 
DNS server 141.70.86.1
 
[ OSession Events ]
Error - 10/3/2012 12:44:27 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 7126
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 10/10/2012 4:41:05 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2112
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 10/18/2012 6:36:46 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 948
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 12/10/2012 7:27:17 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 155
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 12/11/2012 2:51:15 PM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 111
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 2/13/2013 10:48:44 AM | Computer Name = Philipp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4228
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 4/9/2013 1:50:00 PM | Computer Name = Philipp-PC | Source = Microsoft Antimalware | ID = 2003
Description = 
 
Error - 4/9/2013 1:50:48 PM | Computer Name = Philipp-PC | Source = NetBT | ID = 4313
Description = Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen
 zu lesen.
 
Error - 4/9/2013 1:50:48 PM | Computer Name = Philipp-PC | Source = NetBT | ID = 4313
Description = Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen
 zu lesen.
 
Error - 4/9/2013 1:50:49 PM | Computer Name = Philipp-PC | Source = NetBT | ID = 4313
Description = Die Registrierungsverknüpfung kann nicht geöffnet werden, um die Konfigurationsinformationen
 zu lesen.
 
Error - 4/9/2013 4:43:05 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist von folgendem Dienst abhängig:
 NetBT. Dieser Dienst ist eventuell nicht installiert.
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 4/9/2013 4:43:15 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 4/9/2013 4:47:02 PM | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist von folgendem Dienst abhängig:
 NetBT. Dieser Dienst ist eventuell nicht installiert.
 
 
< End of report >
         
--- --- ---


Alt 09.04.2013, 22:32   #6
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hallo,

Es war schon lustig als ich nach dem Neustart wieder alles geladen hatte, waren die Warnungen weg. Aber das muss ja nichts heißen oder?
Vielen Dank schonmal zumindest die Symptome sind weg. :P

Alt 09.04.2013, 22:35   #7
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hi,

Zitat:
Aber das muss ja nichts heißen oder?
Überhaupt nichts ist da weg, es läuft ein unschönes Rootkit bei dir!
Mal schauen, ob wir es kleinkriegen.


Schritt 1

Warnung für Mitleser:
Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde!


Downloade dir bitte Combofix.
  • WICHTIG: Speichere Combofix auf deinen Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft, bitte gar nichts am Computer arbeiten, auch nicht die Maus bewegen!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen (C:\Combofix.txt).
  • Bitte poste den Inhalt dieses Logfiles in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.



Schritt 2

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von Combofix
  • Log von OTL
__________________
cheers,
Leo

Alt 09.04.2013, 23:59   #8
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hallo,
also der Combo war gut beschäftigt, ich denke da war einiges los bei mir.

Hier die Daten:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-04-09.01 - Philipp 04/10/2013   0:16.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2551.1864 [GMT 2:00]
ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB18750$
c:\windows\$NtUninstallKB18750$\2367512805
c:\windows\$NtUninstallKB18750$\4208964577\@
c:\windows\$NtUninstallKB18750$\4208964577\Desktop.ini
c:\windows\$NtUninstallKB18750$\4208964577\L\00000004.@
c:\windows\$NtUninstallKB18750$\4208964577\L\201d3dde
c:\windows\$NtUninstallKB18750$\4208964577\L\76603ac3
c:\windows\$NtUninstallKB18750$\4208964577\L\xadqgnnk
c:\windows\$NtUninstallKB18750$\4208964577\U\00000004.@
c:\windows\$NtUninstallKB18750$\4208964577\U\00000008.@
c:\windows\$NtUninstallKB18750$\4208964577\U\000000cb.@
c:\windows\$NtUninstallKB18750$\4208964577\U\80000000.@
c:\windows\$NtUninstallKB18750$\4208964577\U\80000032.@
.
c:\windows\system32\drivers\netbt.sys . . . fehlt!!
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-09 bis 2013-04-09  ))))))))))))))))))))))))))))))
.
.
2013-04-09 17:40 . 2013-04-09 17:40	--------	d-----w-	c:\program files\CCleaner
2013-04-09 17:39 . 2013-04-09 17:40	--------	d-----w-	c:\program files\Google
2013-04-09 07:16 . 2013-03-06 22:33	199384	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2013-04-09 07:16 . 2013-03-06 22:33	101656	----a-w-	c:\windows\system32\drivers\aswFW.sys
2013-04-09 07:16 . 2013-03-06 22:33	21576	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-04-09 07:15 . 2013-03-06 22:11	12112	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2013-04-09 07:13 . 2013-03-06 22:33	368176	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-04-09 07:13 . 2013-03-06 22:33	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-04-09 07:13 . 2013-03-06 22:33	60656	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-04-09 07:13 . 2013-03-06 22:33	62376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-04-09 07:13 . 2013-03-06 22:33	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-04-09 07:13 . 2013-03-06 22:33	164736	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-04-09 07:13 . 2013-03-06 22:33	49248	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-04-09 07:13 . 2013-03-06 22:33	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-04-09 07:12 . 2013-03-06 22:32	41664	----a-w-	c:\windows\avastSS.scr
2013-04-08 21:32 . 2009-07-14 01:16	249856	----a-w-	c:\windows\system32\uxtheme.dll.backup
2013-04-08 21:32 . 2010-11-20 21:29	2755072	----a-w-	c:\windows\system32\themeui.dll.backup
2013-04-08 21:32 . 2009-07-14 01:16	37376	----a-w-	c:\windows\system32\themeservice.dll.backup
2013-04-08 21:05 . 2013-04-08 21:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-04-08 21:04 . 2013-04-09 20:42	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-04-08 19:21 . 2013-04-09 07:00	--------	d-----w-	c:\programdata\Avira
2013-04-08 18:54 . 2013-04-08 19:41	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-08 18:54 . 2013-04-08 19:41	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-04-08 16:52 . 2013-04-08 16:52	--------	d-----w-	c:\users\Philipp\AppData\Roaming\Malwarebytes
2013-04-08 16:52 . 2013-04-08 16:52	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-08 16:51 . 2013-04-08 16:51	--------	d-----w-	c:\users\Philipp\AppData\Local\Programs
2013-04-06 15:55 . 2013-04-06 15:55	--------	d-----w-	c:\program files\Common Files\Skype
2013-04-05 06:36 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1899F17C-B50F-483A-B751-4C039ABF891A}\mpengine.dll
2013-04-01 11:08 . 2013-04-01 11:08	163088	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10143.bin
2013-03-29 11:05 . 2013-03-29 11:05	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-20 21:31 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-11 16:22 . 2013-03-11 16:22	--------	d--h--w-	c:\programdata\CanonIJEPPEX
2013-03-11 16:22 . 2013-03-11 16:22	--------	d--h--w-	c:\programdata\CanonIJEGV
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-08 21:32 . 2009-07-13 23:40	249856	----a-w-	c:\windows\system32\uxtheme.dll
2013-04-08 21:32 . 2010-11-20 21:29	2755072	----a-w-	c:\windows\system32\themeui.dll
2013-04-08 21:32 . 2009-07-13 23:39	37376	----a-w-	c:\windows\system32\themeservice.dll
2013-03-11 23:10 . 2011-07-18 17:01	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-03-09 09:44 . 2013-03-09 09:44	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-09 09:44 . 2012-06-25 11:22	861088	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-03-09 09:44 . 2011-07-18 18:37	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-06 23:32 . 2011-07-18 17:21	228600	----a-w-	c:\windows\system32\aswBoot.exe
2013-02-12 04:48 . 2013-03-13 07:20	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 07:20	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-03-27 02:18 . 2013-04-08 18:34	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-07-13 5796440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-9-4 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Philips SA19xx Gere-Manager.lnk - c:\program files\Philips\GoGear SA19xx Device Manager\main.exe [2013-2-17 124760]
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2012-11-18 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.0.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 6.0.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11	287800	----a-r-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
2013-02-04 15:39	447152	----a-w-	c:\program files\Sony\Sony PC Companion\PCCompanion.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x]
R3 aswVmm;aswVmm; [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [x]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [x]
S3 NETwLv32;    Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-09 17:40	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 17:39]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-09 17:39]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 141.70.86.1
FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\
FF - ExtSQL: 2013-04-04 12:21; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-04-04 12:21; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2013-04-04 12:21; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-04-09 00:47; langpack-de@firefox.mozilla.org; c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\extensions\langpack-de@firefox.mozilla.org.xpi
FF - ExtSQL: 2013-04-09 00:49; {338e0b96-2285-4424-b4c8-e25560750fa3}; c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
FF - ExtSQL: 2013-04-09 01:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\4s3qwzvo.default-1365460425170\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-09 09:13; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
MSConfigStartUp-Nimbuzz - c:\program files\Nimbuzz\Nimbuzz.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-Spotify - c:\users\Philipp\AppData\Roaming\Spotify\Spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\users\Philipp\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3852)
c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-10  00:38:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-09 22:38
.
Vor Suchlauf: 3,692,408,832 Bytes frei
Nach Suchlauf: 2,105,118,720 Bytes frei
.
- - End Of File - - DA8F2D2786BCC4142F6A7D66C201D428
         
--- --- ---



Und hier OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/10/2013 12:46:45 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 52.82% Memory free
3.65 Gb Paging File | 2.41 Gb Available in Paging File | 66.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 3.50 Gb Free Space | 4.70% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:22:06 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/25 04:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/03/01 23:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/01 23:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/01 23:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/01 23:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/01 23:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netbt.sys -- (NetBT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philipp\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=05B2989C-9A43-4B0B-A30A-712F2E3FAD70&apn_sauid=862F128D-BB83-4549-9B8A-2797D2990E9B
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/10 00:33:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/04/10 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\temp
[2013/04/09 23:58:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 23:58:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 23:58:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- \Qoobox
[2013/04/09 23:54:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/09 23:50:30 | 005,050,253 | R--- | C] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 22:52:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/03/11 18:22:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013/03/11 18:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/10 00:50:31 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 00:50:31 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 00:50:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/10 00:43:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 00:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 00:41:53 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 00:33:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 23:50:32 | 005,050,253 | R--- | M] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | M] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:23 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/09 23:58:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:58:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:58:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:58:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:58:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | C] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:19 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/11/22 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Advanced Chemistry Development
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/09/27 15:19:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Avanquest Bluetooth SDK
[2013/04/09 09:12:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2012/05/28 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2011/07/22 13:01:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonEPP
[2012/05/02 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/03/11 18:22:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/03/11 18:22:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX2
[2012/05/02 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJMSetup
[2012/05/03 14:44:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2013/04/05 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2012/05/02 22:57:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2012/05/03 14:45:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenuEX
[2012/05/02 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJWSpt
[2013/03/21 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2011/07/21 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\OriginLab
[2012/08/14 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Panasonic
[2012/03/11 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009/07/14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Anwendungsdaten
[2011/07/18 18:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Contacts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Cookies
[2013/04/09 23:51:29 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Desktop
[2013/04/05 09:47:31 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Documents
[2013/04/09 23:51:29 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Downloads
[2013/04/10 00:44:35 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Dropbox
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Druckumgebung
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Eigene Dateien
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Favorites
[2012/07/21 08:48:56 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Links
[2012/05/03 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Local Settings
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Lokale Einstellungen
[2013/03/26 01:43:19 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Music
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Netzwerkumgebung
[2012/11/20 02:21:11 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Pictures
[2012/03/01 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Podcasts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Recent
[2012/07/21 08:48:54 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Saved Games
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Searches
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\SendTo
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Startmenü
[2011/07/18 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\SystemRequirementsLab
[2013/04/09 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Tracing
[2012/09/25 04:39:07 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Videos
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Vorlagen
[2013/04/10 00:38:51 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/04/09 19:40:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2011/07/21 21:18:56 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011/12/09 00:18:14 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012/03/12 11:13:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2012/03/01 20:45:26 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Ist es jetzt geschafft?

Gruß

Alt 10.04.2013, 00:11   #9
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hi,

Zitat:
Ist es jetzt geschafft?
Nein, mit diesem ZeroAccess-Rootkit spielst du in der Königsklasse mit, das ist alles andere als harmlos.


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=05B2989C-9A43-4B0B-A30A-712F2E3FAD70&apn_sauid=862F128D-BB83-4549-9B8A-2797D2990E9B

:commands
[emptytemp]
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Wenn eine Warnung "Registry value AppInit_Dlls has been found, .." erscheint, drücke Nein.
  • Folge dann den Anweisungen, führe das Update aus und drücke dann Scan.
Falls Funde angezeigt werden:
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während des Neustarts wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut und wiederhole den Scan.
  • Sollte nochmals was gefunden werden, führe erneut den CleanUp-Prozess durch.
Das Tool wird im erstellten Ordner Logfiles (mbar-log-<Jahr-Monat-Tag>.txt) erzeugen. Bitte poste deren Inhalt hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers.



Schritt 3
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
/md5start
netbt.sys
/md5stop
         
  • Schliesse bitte nun alle anderen Programme.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAR
  • Log von OTL
__________________
cheers,
Leo

Alt 10.04.2013, 00:55   #10
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



hier der erste OTL:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B46521DF-FC58-4925-A919-3C9CA2CF646D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B46521DF-FC58-4925-A919-3C9CA2CF646D}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Philipp
->Temp folder emptied: 2422 bytes
->Temporary Internet Files folder emptied: 3560 bytes
->Java cache emptied: 2401769 bytes
->FireFox cache emptied: 6807694 bytes
->Google Chrome cache emptied: 6105213 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116122833 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04102013_011507

Files\Folders moved on Reboot...
C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.09.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
Philipp :: PHILIPP-PC [administrator]

4/10/2013 1:40:29 AM
mbar-log-2013-04-10 (01-40-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26698
Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/10/2013 1:43:50 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 58.39% Memory free
4.98 Gb Paging File | 3.82 Gb Available in Paging File | 76.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.19 Gb Free Space | 2.94% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
PRC - [2013/03/27 04:18:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/07/13 21:14:00 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/15 02:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/03/27 04:18:17 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/03/07 00:32:42 | 000,136,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:39:18 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/10 14:56:38 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/07/13 21:14:06 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/01/18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\netbt.sys -- (NetBT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Philipp\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,199,384 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,101,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/07 00:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/03/07 00:11:20 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/09/26 16:45:43 | 000,087,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2012/06/21 18:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 18:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/01/18 08:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 08:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/11/30 20:36:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2011/11/30 20:36:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/07/21 12:55:53 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 14:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/02/25 00:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/03/25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/02/24 23:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008/01/09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 76 2C F9 12 0A CE 01  [binary data]
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/02 01:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/09 09:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/08 20:34:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/04 12:21:54 | 000,000,000 | ---D | M]
 
[2013/04/08 20:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/04 12:21:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/04 12:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/27 04:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/27 04:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/27 04:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Philipp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/04/10 00:33:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1998387121-1785201769-1389688086-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Philipp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.70.86.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44902E41-0CEB-4D7C-9691-47DE9F57113C}: DhcpNameServer = 141.70.86.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/10 01:23:26 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022
[2013/04/10 01:15:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 01:15:07 | 000,000,000 | ---D | C] -- \_OTL
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/10 00:34:02 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013/04/10 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\temp
[2013/04/09 23:58:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/09 23:58:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/09 23:58:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/09 23:54:42 | 000,000,000 | ---D | C] -- \Qoobox
[2013/04/09 23:54:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/09 23:50:30 | 005,050,253 | R--- | C] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 22:52:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 19:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/04/09 19:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/09 19:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/09 19:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/09 09:16:23 | 000,199,384 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswNdis2.sys
[2013/04/09 09:16:19 | 000,101,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFW.sys
[2013/04/09 09:16:17 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/04/09 09:15:57 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswNdis.sys
[2013/04/09 09:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/04/09 09:13:37 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/04/09 09:13:37 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/04/09 09:13:34 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/04/09 09:13:33 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/04/09 09:13:31 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/04/09 09:13:21 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/04/09 09:12:53 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/09 00:33:49 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Old Firefox Data
[2013/04/08 23:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/08 23:04:37 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/04/08 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/04/08 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/08 18:51:46 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs
[2013/04/08 18:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/06 17:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/04/05 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Bewerbung Bosch Waiblingen
[2013/04/04 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/25 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Pauls sachen
[2013/03/25 17:08:43 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Stat-Ease Design Expert v7.0.0 (Sa 04)
[2013/03/21 20:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013/03/11 18:22:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX
[2013/03/11 18:22:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/10 01:25:19 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 01:25:18 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/10 01:22:56 | 012,894,739 | ---- | M] () -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022.zip
[2013/04/10 01:18:22 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 01:16:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/10 01:16:45 | 2006,523,904 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/10 00:50:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/10 00:33:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/09 23:50:32 | 005,050,253 | R--- | M] (Swearware) -- C:\Users\Philipp\Desktop\ComboFix.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | M] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 22:52:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2013/04/09 20:34:09 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/09 20:12:09 | 000,000,000 | ---- | M] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:23 | 000,050,477 | ---- | M] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:40:42 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 18:19:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/04/09 09:14:45 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:04 | 000,916,435 | ---- | M] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/06 18:55:39 | 000,657,304 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/06 18:55:39 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/06 18:55:39 | 000,131,084 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/06 18:55:39 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/04 14:42:54 | 000,016,473 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | M] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/04/01 12:03:07 | 000,001,013 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 12:02:37 | 000,000,985 | ---- | M] () -- C:\Users\Philipp\Desktop\Dropbox.lnk
[2013/03/29 13:06:44 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:53:10 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:09 | 002,107,308 | ---- | M] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
 
========== Files Created - No Company Name ==========
 
[2013/04/10 01:22:38 | 012,894,739 | ---- | C] () -- C:\Users\Philipp\Desktop\mbar-1.01.0.1022.zip
[2013/04/09 23:58:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/09 23:58:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/09 23:58:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/09 23:58:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/09 23:58:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/09 23:09:23 | 000,010,384 | ---- | C] () -- C:\Users\Philipp\Desktop\Gmer.zip
[2013/04/09 20:12:09 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\defogger_reenable
[2013/04/09 20:11:19 | 000,050,477 | ---- | C] () -- C:\Users\Philipp\Desktop\Defogger.exe
[2013/04/09 19:47:34 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/09 19:40:42 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 09:14:45 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/04/09 09:13:28 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/04/09 09:13:26 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/08 20:34:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 20:34:57 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/08 18:10:14 | 000,000,988 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/07 12:14:03 | 000,916,435 | ---- | C] () -- C:\Users\Philipp\Desktop\order15000643.pdf
[2013/04/04 14:42:54 | 000,016,473 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPhilippElectronFinal.pdf
[2013/04/04 14:42:21 | 000,016,218 | ---- | C] () -- C:\Users\Philipp\Desktop\CartaPaulElectronFinal.pdf
[2013/03/29 13:06:44 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/03/25 17:49:08 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/03/12 17:35:07 | 002,107,308 | ---- | C] () -- C:\Users\Philipp\Desktop\IMG_NEW.pdf
[2012/11/28 00:17:53 | 002,887,680 | ---- | C] () -- C:\Windows\System32\VagalumePluginWMP.dll
[2012/08/07 19:30:15 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012/08/07 19:30:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012/08/07 19:30:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012/08/07 19:30:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012/08/07 19:30:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012/08/07 19:30:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012/08/07 19:30:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012/08/07 19:30:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012/08/07 19:30:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012/08/07 19:30:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012/08/07 19:30:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012/08/07 19:30:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012/08/07 19:30:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012/08/07 19:30:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012/08/07 19:30:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012/08/07 19:30:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012/08/07 19:30:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012/05/08 11:34:11 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2012/03/22 18:05:05 | 000,000,709 | ---- | C] () -- C:\Users\Philipp\.swfinfo
[2012/03/06 23:58:23 | 000,007,605 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg
[2012/01/18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/03 18:06:39 | 000,022,528 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/17 03:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/09/19 18:05:56 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/19 18:05:56 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/21 13:05:51 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/07/18 19:20:42 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011/07/18 19:20:40 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011/07/18 18:21:51 | 2006,523,904 | -HS- | C] () -- \hiberfil.sys
[2011/04/12 03:30:05 | 000,657,304 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/04/12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/04/12 03:30:05 | 000,131,084 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/04/12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/11/22 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\Advanced Chemistry Development
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2012/09/27 15:19:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Avanquest Bluetooth SDK
[2013/04/09 09:12:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2012/05/28 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\All Users\BVRP Software
[2011/07/22 13:01:45 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonBJ
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonEPP
[2012/05/02 22:59:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJ
[2013/03/11 18:22:48 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEGV
[2013/03/11 18:22:59 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX
[2012/05/03 14:44:58 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJEPPEX2
[2012/05/02 22:52:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJMSetup
[2012/05/03 14:44:46 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJMyPrinter
[2013/04/05 09:24:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJPLM
[2012/05/02 22:57:05 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJScan
[2012/05/03 14:45:16 | 000,000,000 | -H-D | M] -- C:\Users\All Users\CanonIJSolutionMenuEX
[2012/05/02 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\CanonIJWSpt
[2013/03/21 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2011/07/21 12:54:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2011/12/07 19:34:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\OriginLab
[2012/08/14 03:46:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\Panasonic
[2012/03/11 21:28:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sony
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009/07/14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009/07/14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009/07/14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2011/07/18 18:48:16 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Anwendungsdaten
[2011/07/18 18:48:30 | 000,000,000 | -H-D | M] -- C:\Users\Philipp\AppData
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Contacts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Cookies
[2013/04/10 01:23:26 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Desktop
[2013/04/05 09:47:31 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Documents
[2013/04/10 01:23:15 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Downloads
[2013/04/10 01:19:51 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Dropbox
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Druckumgebung
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Eigene Dateien
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Favorites
[2012/07/21 08:48:56 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Links
[2012/05/03 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Local Settings
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Lokale Einstellungen
[2013/03/26 01:43:19 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Music
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Netzwerkumgebung
[2012/11/20 02:21:11 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Pictures
[2012/03/01 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Podcasts
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Recent
[2012/07/21 08:48:54 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Saved Games
[2012/07/21 08:48:53 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Searches
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\SendTo
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Startmenü
[2011/07/18 20:38:08 | 000,000,000 | ---D | M] -- C:\Users\Philipp\SystemRequirementsLab
[2013/04/09 19:51:05 | 000,000,000 | ---D | M] -- C:\Users\Philipp\Tracing
[2012/09/25 04:39:07 | 000,000,000 | R--D | M] -- C:\Users\Philipp\Videos
[2011/07/18 18:48:30 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\Vorlagen
[2013/04/10 00:38:51 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData
[2013/04/09 19:40:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2011/07/18 18:48:16 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009/07/14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2011/07/21 21:18:56 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009/07/14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2011/12/09 00:18:14 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2012/03/12 11:13:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2012/03/01 20:45:26 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: NETBT.SYS  >
[2010/11/20 23:29:08 | 000,187,904 | ---- | M] () MD5=906784CFE6BD222F4DEF2A052F7EA416 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
 
<           >
[2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013/04/09 19:39:29 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013/04/09 19:39:30 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< End of report >
         
--- --- ---

Ist der PC jetzt sauber?

Gruß

Alt 10.04.2013, 01:14   #11
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Zitat:
Ist der PC jetzt sauber?
Nur Geduld, ich werd es dich schon wissen lassen, wenn es soweit ist..
In anderen Foren lassen sie konsequent formatieren bei diesem Teil.



Bitte gehe zu Virustotal und lass dort folgendermassen eine Datei überprüfen:
  • Klicke auf Wählen Sie eine.
  • Kopiere dann Folgendes in das Eingabefeld für den Dateinamen
    Code:
    ATTFilter
    C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
             
    und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Solltest du folgende Meldung bekommen:
    Zitat:
    Datei wurde bereits analysiert - Diese Datei wurde bereits von VirusTotal analysiert am ...
    dann klicke auf Neu analysieren.
  • Warte, bis die Analyse beendet ist, und kopiere dann die URL aus deiner Adresszeile und poste sie hier.
__________________
cheers,
Leo

Alt 10.04.2013, 01:25   #12
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hi,

hier der Link:

https://www.virustotal.com/de/file/b892c46cbf32de2a14f18dd7ceebe1f9d2f05b6e3421950b069334e475cfcd83/analysis/1365553454/

Alt 10.04.2013, 01:44   #13
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Ach shit, diese Kopie ist auch hinüber.


Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:files
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys
         
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Gehe zu Start -> Alle Programme -> Zubehör, mache einen Rechtsklick auf Eingabeaufforderung und wähle "Als Administrator ausführen".
Gib dann folgenden Befehl ein und bestätige mit Enter:
Code:
ATTFilter
sfc /scannow
         
Es sollte nun nach beschädigten und fehlenden Systemdateien gesucht werden.



Schritt 3
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
/md5start
netbt.sys
/md5stop
         
  • Schliesse bitte alle anderen Programme.
  • Klicke nun auf None (deutsch "Nichts") und danach auf den Scan Button.
  • Kopiere danach den Inhalt der OTL.txt hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von OTL
__________________
cheers,
Leo

Geändert von aharonov (10.04.2013 um 01:51 Uhr)

Alt 10.04.2013, 02:04   #14
chapman
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hallo
hier der OTL:
========== FILES ==========
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04102013_024635

Nachdem dieser Durchlauf gemacht wurde hat sich avast! den Rootkit eingefangen!

Windows Re.schutz hat beschädigte Dateien gefunden und erfolgreich repariert.

2. OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/10/2013 3:01:58 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Philipp\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.49 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 47.89% Memory free
4.98 Gb Paging File | 3.63 Gb Available in Paging File | 72.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 2.16 Gb Free Space | 2.90% Space Free | Partition Type: NTFS
Drive G: | 589.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: PHILIPP-PC | User Name: Philipp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========

< End of report >
         
--- --- ---
Cool das ich nicht formatieren musste

Alt 10.04.2013, 02:37   #15
aharonov
/// TB-Ausbilder
 
Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Standard

Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast



Hi,

wir sollten noch eine Kontrolle machen und deine Sicherheitslücken schliessen.


Schritt 1

Downloade dir bitte Malwarebytes Anti-Malware .
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 2

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 3

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 4

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL
__________________
cheers,
Leo

Antwort

Themen zu Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast
acrobat update, avast, avast!, bedrohung, bedrohung gefunden, bösartige, bösartige webseite, check, gefunde, häufige, inter, interne, internet, launch, meldung, nichts, problem, professional, seite, sekunden, suche, system, system32, warnung, webseite, windows, windows7, ändert



Ähnliche Themen: Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast


  1. windows7 bösartige webseite blokiert
    Plagegeister aller Art und deren Bekämpfung - 27.10.2015 (41)
  2. Gesperrte Downloads / häufige Avast-Warnungen beim Surfen
    Plagegeister aller Art und deren Bekämpfung - 14.09.2015 (13)
  3. Avast meldet bösartige Website blockiert (URL:Mal) - Prozess: "svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 30.01.2015 (11)
  4. win 7 64 avast meldet bösartige URLS
    Log-Analyse und Auswertung - 10.12.2013 (2)
  5. Avast häufige Meldung "bösartige Website gefunden" (nach voherigen PC Problemen)
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (9)
  6. avast meldet bösartige websites bei anklicken von links
    Plagegeister aller Art und deren Bekämpfung - 01.07.2013 (13)
  7. Info: avast! blockiert URL und meldet bösartige website
    Plagegeister aller Art und deren Bekämpfung - 30.06.2013 (11)
  8. Bösartige Internetseiten von Avast gesperrt
    Log-Analyse und Auswertung - 25.06.2013 (11)
  9. Rootkit? Avast: Bösartige Website blockiert, svchost.exe ...
    Log-Analyse und Auswertung - 04.06.2013 (13)
  10. Avast meldet bösartige Website blockiert (URL:Mal) - Prozess: "svchost.exe
    Log-Analyse und Auswertung - 14.11.2012 (5)
  11. Avast bösartige Webseite geblockt! URL:Mal
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (2)
  12. Avast meldet "Bösartige Webseite blockiert"
    Log-Analyse und Auswertung - 05.10.2012 (7)
  13. Google leitet mich beim Anklicken der Ergenislinks auf bösartige Seiten weiter (lt. Avast)
    Log-Analyse und Auswertung - 04.10.2012 (15)
  14. avast meldet Bösartige Website Blockiert
    Log-Analyse und Auswertung - 09.07.2012 (7)
  15. Bösartige Webseite blockiert - Problem mit Antivirenprogramm AVAST!
    Log-Analyse und Auswertung - 18.06.2012 (1)
  16. sehr häufige spyware-meldungen in AcroFF.dll
    Plagegeister aller Art und deren Bekämpfung - 02.12.2011 (1)
  17. Häufige Warnungen von avast
    Plagegeister aller Art und deren Bekämpfung - 18.11.2004 (10)

Zum Thema Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast - Hallo zusammen. Nach langem suchen im Internet habe ich nichts zu meinem Problem gefunden. Es handelt sich um eine Meldung von avast, die besagt das eine Bedrohung Gefunden wurde: z.B. - Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast...
Archiv
Du betrachtest: Sehr häufige Warnung: Bösartige Webseite Blockiet von Avast auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.