Trojans Generic28.BVLH and Crypt.AXUH on board :( (Windows 7)

#1
Trojans Generic28.BVLH and Crypt.AXUH on board :(

Hi everyone! Thanks in advance for taking the time to look at my problem!

On Monday I noticed that the system was running really badly when I wanted to reinstall Oblivion. The machine was very slow, the installation aborted at least once, and the game crashed in unusual places. Task Manager would not open at all, or rather it flashed up briefly and closed again right away. Same thing after several reboots. At first I thought, okay, maybe the installation is getting in the way, so I rolled the system back to the point before the installation. Still no Task Manager! That made me suspicious. As soon as an application used a bit more memory because something was not running smoothly, the whole PC froze. On Tuesday I could at least still get into Safe Mode when I booted it up again. From Wednesday on, during system startup nothing was recognised except "F12" for the boot menu or "Del" for the BIOS. I can no longer navigate with the arrow keys or confirm or cancel anything with "Esc" or "Enter". (USB keyboard)

On Wednesday AVG then found 2 trojans, after Ad-Aware had found nothing. (Now I also know why I had never heard of that program before my ex slapped it on when reinstalling the machine back then.) What was found was Generic28.BVLH and Crypt.AXUH. The locations given were:

For Generic28:
C:\Windows\SysWOW64\rundll32.exe (2840)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (2908)

For Crypt:
C:\Windows\SysWOW64\rundll32.exe (2840)

Supposedly removed, but on the follow-up scan they were right back, or rather Crypt was gone and Generic kept coming back (3 scans...). Then suddenly, on boot, the PC complained that C:\Users\Michi\AppData\Local\Temp\0_0u_i.exe could not be found and started.
While reading up on Generic I came across the advice and an eeendless list of which files you are supposed to delete manually, a lot of them in temp folders. I did not dare do that. The only thing I did was sweep out the temporary data under Windows/Temp and AppData/Temp all at once. And whoosh: the message no longer popped up. Scan with AVG: nothing found; AntiVir: nothing found.

EDIT: I only ever had one program running. Whenever I used another virus scanner, the others were completely shut down to avoid conflicts.

Tip from a friend: "TrojanRemover" then pointed at the file once more after all. After a reboot the box hung completely as soon as it tried to connect to the network.

EDIT: It was so wild that there was even a timeout while executing Ctrl+Alt+Del and I was told to power the box off hard!! Windows actually advising me to do that ôO

Today after work I booted it up again without the LAN connection: it worked! Ran TrojanRemover's FastScan again. So far so good, nothing found. The PC has not been restarted since, because I was glad to get onto the Internet for more help. Then I stumbled across your board.

Long story short: am I really rid of the nasty thing? Here are the log files from OTL:

Code:
```
OTL logfile created on: 14.12.2012 21:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,37% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 76,59 Gb Total Space | 29,32 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive D: | 275,41 Gb Total Space | 263,09 Gb Free Space | 95,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,66 Mb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 22,67 Gb Total Space | 22,58 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive G: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.14 21:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012.10.29 17:33:28 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.10.27 09:49:59 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.03.29 11:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.10.21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 19:25:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.07 20:43:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.02 00:08:48 | 001,340,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.29 11:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.01.18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.05.17 17:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 05:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 05:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.11 15:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.04.29 13:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011.04.05 16:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.04.05 16:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011.04.05 16:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.02.08 08:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.04.29 13:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 7E 7E 03 88 D7 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9A21F002-B57C-4B44-8AEC-F78DAE5C3959}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=de_NL"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10267&locale=de_NL&apn_uid=5d692efb-ad1c-4af5-b74c-3db8907c1e40&apn_ptnrs=%5EAGY&apn_sauid=C9498B6C-C066-4741-B4B1-2985A609E5A3&apn_dtid=%5EYYYYYY%5EYY%5ENL&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 11:09:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.11 11:09:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.07 20:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.04.30 21:10:32 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2012.12.13 21:06:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions
[2012.12.13 21:06:35 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\n3ze8381.default-1355223939464\extensions\toolbar@ask.com
[2012.12.13 21:06:35 | 000,002,344 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\n3ze8381.default-1355223939464\searchplugins\askcom.xml
[2012.12.11 11:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.11 11:09:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.03 11:45:03 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.08.14 11:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2009.08.14 11:33:30 | 000,091,480 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2009.08.14 11:33:26 | 000,020,824 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 16:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 16:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 16:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\msvcr80.dll
[2009.08.14 11:35:40 | 000,427,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2009.08.14 11:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.06.26 17:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 07:03:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 17:41:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 17:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 17:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 17:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Spotify] C:\Users\Michi\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Michi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F544E0B-93CF-4601-940A-6CF30D3BAFAE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.14 12:08:11 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{27c5938d-977c-11e1-ba14-001fd05d8c26}\Shell - "" = AutoRun
O33 - MountPoints2\{27c5938d-977c-11e1-ba14-001fd05d8c26}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e5bbf3e7-92f0-11e1-96ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e5bbf3e7-92f0-11e1-96ff-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009.07.14 12:08:11 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.14 21:32:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.12.14 21:32:12 |
```
000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien [2012.12.13 22:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.12.13 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Simply Super Software [2012.12.13 22:18:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Simply Super Software [2012.12.13 22:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.12.13 22:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2012.12.13 22:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.12.13 21:09:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Avira [2012.12.13 21:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.13 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.12.13 21:05:22 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.13 21:05:22 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.13 21:05:22 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.13 21:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.13 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.13 20:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.12.13 20:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.12.13 20:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2012.12.12 19:27:54 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited [2012.12.12 19:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.12.12 19:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2012.12.12 19:19:09 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Nero_AG [2012.12.12 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Nero [2012.12.12 19:18:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Nero [2012.12.12 19:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2012.12.12 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2012.12.12 19:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2012.12.12 19:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2012.12.12 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\AVG2013 [2012.12.12 17:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.12 17:46:40 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\TuneUp Software [2012.12.12 17:44:54 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.12.12 17:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.12.12 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2012.12.12 17:37:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- 
C:\Users\Michi\AppData\Local\MFAData [2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.12.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Avg2013 [2012.12.11 13:05:16 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\image win 7 [2012.12.11 12:54:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\win 7 [2012.12.11 12:53:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roadkil.Net [2012.12.11 12:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roadkil.Net [2012.12.11 12:51:24 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\isopuzzle [2012.12.11 12:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster [2012.12.11 12:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor [2012.12.11 12:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects [2012.12.11 12:10:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\ImgBurn [2012.12.11 12:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn [2012.12.11 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn [2012.12.11 12:05:42 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\Alte Firefox-Daten [2012.12.11 11:12:04 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\adaware [2012.12.10 23:10:32 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\ElevatedDiagnostics [2012.12.10 18:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Improved [2012.12.10 18:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oblivion Improved [2012.12.10 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.12.09 20:31:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\oblivion [2012.12.09 20:30:56 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oblivion Mod Manager [2012.12.09 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\my games [2012.12.09 19:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks [2012.12.09 19:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks [2012.12.09 18:59:09 | 000,000,000 | RH-D | C] -- C:\Users\Michi\AppData\Roaming\SecuROM [2012.11.29 19:07:05 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\TeamViewer [2012.11.29 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012.11.19 21:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation ========== Files - Modified Within 30 Days ========== [2012.12.14 21:35:34 | 000,000,000 | ---- | M] () -- C:\Users\Michi\defogger_reenable [2012.12.14 21:33:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe [2012.12.14 21:32:16 | 000,065,416 | ---- | M] () -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.12.14 21:31:32 | 000,050,477 | ---- | M] () -- C:\Users\Michi\Desktop\Defogger.exe [2012.12.14 21:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.14 21:21:42 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 21:21:42 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.14 21:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.14 21:07:06 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 22:18:46 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.12.13 21:06:46 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.13 19:38:48 | 
000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.12 19:27:24 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.12.12 19:17:29 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.12.12 17:46:41 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.11 19:50:13 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2012.12.11 19:50:13 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2012.12.11 12:53:44 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk [2012.12.11 12:41:23 | 000,001,192 | ---- | M] () -- C:\Users\Michi\Desktop\IsoBuster.lnk [2012.12.11 12:08:43 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.12.11 11:17:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\SBRC.dat [2012.12.09 12:12:53 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job [2012.12.06 16:45:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.06 16:45:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.06 16:45:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.06 16:45:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.06 16:45:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.29 19:05:36 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012.12.14 21:35:34 | 000,000,000 | ---- | C] () -- C:\Users\Michi\defogger_reenable [2012.12.14 21:32:12 | 000,065,416 | ---- | C] () -- C:\Users\Michi\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html [2012.12.14 21:31:30 | 000,050,477 | ---- | C] () -- C:\Users\Michi\Desktop\Defogger.exe [2012.12.13 22:18:46 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2012.12.13 21:06:46 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.12 19:27:24 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.12.12 19:27:24 | 000,001,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.12.12 19:17:29 | 000,002,109 | ---- | C] () -- C:\Users\Public\Desktop\Nero Kwik Media.lnk [2012.12.12 17:46:41 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012.12.11 12:53:44 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Roadkil's Unstoppable Copier.lnk [2012.12.11 12:41:23 | 000,001,192 | ---- | C] () -- C:\Users\Michi\Desktop\IsoBuster.lnk [2012.12.11 12:08:43 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.12.11 12:08:43 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk [2012.12.11 11:52:36 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2012.12.11 11:52:36 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2012.12.11 11:17:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\SBRC.dat [2012.11.29 19:05:36 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.11.29 19:05:36 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.11.18 22:51:44 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 
[2012.11.18 22:40:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.07.02 18:31:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.04.30 21:37:42 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 
13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.08 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\.minecraft [2012.12.11 11:15:41 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ad-Aware Antivirus [2012.11.29 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Audacity [2012.12.12 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\AVG2013 [2012.12.12 19:27:54 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canneverbe Limited [2012.05.14 12:59:00 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Canon [2012.12.14 21:29:21 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Dropbox [2012.05.10 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Foxit Software [2012.10.16 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICAClient [2012.12.11 12:10:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ImgBurn [2012.07.04 23:48:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView [2012.08.28 18:46:32 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Juniper Networks [2012.05.02 06:44:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org [2012.07.04 23:53:29 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\RCP 6 [2012.12.13 22:18:50 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Simply Super Software [2012.12.14 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Spotify [2012.11.29 19:22:35 | 000,000,000 | ---D | 
M] -- C:\Users\Michi\AppData\Roaming\TeamViewer [2012.04.30 21:12:31 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Thunderbird [2012.05.01 19:37:56 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TS3Client [2012.05.01 19:36:47 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ts3overlay [2012.12.12 17:46:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 14.12.2012 21:38:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,37% Memory free
8,00 Gb Paging File | 6,43 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 76,59 Gb Total Space | 29,32 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive D: | 275,41 Gb Total Space | 263,09 Gb Free Space | 95,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 61,66 Mb Free Space | 61,66% Space Free | Partition Type: NTFS
Drive F: | 22,67 Gb Total Space | 22,58 Gb Free Space | 99,57% Space Free | Partition Type: NTFS
Drive G: | 2,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F60E8D-C8DE-49BE-9204-F7E2863BB0D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2AEC7EC9-0E3D-45E6-A209-DADBEBCA5594}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30CDDF08-726B-4192-9E95-DA63102708BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{3146F934-674A-458D-9032-5DDE025022C7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C329E82-823D-4FB9-8091-60955D61A6E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41697BEB-BC90-4759-B0B5-DEFE82258C37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4879CA2C-043C-449B-908B-A46F91FBB97A}" = lport=445 | protocol=6 | dir=in | app=system |
"{4ACF8635-E5D5-457B-9958-7B5C903373F7}" = lport=139 | protocol=6 | dir=in | app=system |
"{728D48E0-F24D-4B69-A75B-280271D96FFB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72AFE86F-11B4-4423-8FBC-0C78A59B2043}" = lport=138 | protocol=17 | dir=in | app=system |
"{8811505D-B057-4E49-91EF-D313040305E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CA00294-0804-49FF-83FF-B725F9DE0DAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{903683B4-E788-44F9-94A3-0EA17C3F999A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{937497CF-B13F-4AEA-B608-8C2DE7D93664}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A849CEC8-D9A6-4D2B-8BF8-087CD022F6DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3749D49-D066-407C-9FAE-BB34AA0C81D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7FCB0AB-9329-4F77-9C16-43C2FE2695A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF05A72E-E088-4C13-9A28-9EF75E4C68B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1D31D53-074C-4725-BDCB-121B3902777A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E7512FEF-C511-446E-AF2B-060157F8E8DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EAFC6C16-E804-4271-A528-AD7CFE2DE88D}" = rport=137 | protocol=17 | dir=out | app=system |
"{ECA33431-1DA2-4823-8AFD-B447115835A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD4A5C62-D823-49BD-99B0-641490DDEB5A}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046C9906-2ADE-43B4-A140-0E082A706D3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{062962F7-AC2A-452A-96C8-9FC9F8D395FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{07CFE2D1-33F8-430D-965D-B891263F2937}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{11736EA1-B3E6-4C25-AFA3-C7FAB51DB000}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16C17FEC-2829-4BF5-A1D4-AC979F44E585}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{21459F0D-CF85-4E65-A669-2B6096673AB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22A11654-90F9-4392-8C1A-C78E4C83E81A}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe |
"{22C80196-6BCD-46F5-AC13-ABFADECE7D75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27F8FAA5-8DE4-43A7-9AF9-2BE3F488E752}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E913C22-E0AE-4648-8099-918682D7DA60}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3791539E-6F69-4FF3-81D9-4CB76E1B842A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{39B1B689-455B-407D-BA9D-C50A1FFF436A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3BECD75F-0AFC-435D-8693-C1C4789C3AD6}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe |
"{3E79DB4D-EA1A-425B-B1F9-DF8C01CB7D21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6316DA77-A4CA-43CF-8483-C4D9451B4B5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6DA76A9B-643F-4CC9-B5F4-834E21E3E582}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe |
"{78D721FC-82F5-4EB8-8C2A-CA99E665DE69}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{7CB442C0-9EBB-4E2F-8DE1-5E11FC99E513}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7E2353FF-8F67-44CC-9132-9B98A89E3B3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E397181-EB2E-4E31-8AC4-23875BFCCACA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{90490784-4963-4582-BB45-2F524D96EDCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96586787-5B9A-4F4C-A47B-9DBC2C297D21}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{9B91A62D-54C0-4C6B-966E-4C3B993F8D0F}" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe |
"{9BDA0D94-F911-4B8D-94EA-2F980BEE0DC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F420CFF-2583-46F6-9A98-89F932996996}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A0CFEB72-310A-4165-A749-B45645DFFD98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A25ED3FA-053A-4115-B162-CFECE9351AE1}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{A5D9EC14-B8C0-4CE8-B6BE-52384555C472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AD0301E0-9680-4396-B5AA-3C22A57AC57C}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe |
"{AD181834-C8D1-4EEA-9B40-20D699CB6E8A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{B8281A05-DD2A-42D1-97CA-6AF8A9378736}" = protocol=6 | dir=out | app=system |
"{C578EDF6-9459-4579-96FD-AA480D3EE303}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{C96E6E0A-07E2-4129-B741-A8A60C88A5C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D14314E4-6765-4C84-87EC-3DEBFE50CDFB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D890A29D-1174-46AA-906A-89C9CE6F4FBF}" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\spotify\spotify.exe |
"{DB3D034C-FFCE-48BB-984A-7E13FE1C9465}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{DBFD7F88-11E5-464E-9A8A-DBD4BAA6C355}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E86A9B4A-8566-4912-8EC9-1A55DAF678FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F100ACFF-515C-4778-B62E-86F757E26E53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB1ED8AD-FF73-4765-B2BE-3B44664283B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{76B8A690-EFE2-4271-829B-44E303817930}C:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C2C0422B-830C-4FC8-86B4-6A7229F2FB4E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{01C16974-8243-463F-A0C9-344A78E76F28}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{651E8647-D074-4069-AD78-CE7B6F025B9F}C:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michi\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2981DA65-BD02-4DCC-9D64-C8E325AE6B9B}" = Nero Kwik Media
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C0B165DC-F037-483F-B1C9-D89D91529CEB}" = Citrix XenApp Web Plugin
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Foxit Reader_is1" = Foxit Reader
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ReaConverter 6.7 Standard_is1" = ReaConverter 6.7 Standard
"Security Task Manager" = Security Task Manager 1.8d
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Trojan Remover_is1" = Trojan Remover 6.8.5
"VLC media player" = VLC media player 2.0.1
"waterMark V2" = waterMark V2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Puzzle Pirates" = Puzzle Pirates
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.12.2012 06:01:04 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michi\Downloads\SoftonicDownloader_fuer_irfanview.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11.12.2012 06:13:21 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: c2c_service.exe, Version: 6.3.0.11079, Zeitstempel: 0x506ada69 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x5e4 Startzeit der fehlerhaften Anwendung: 0x01cdd787cb9b0740 Pfad der fehlerhaften Anwendung: C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 638911f0-437b-11e2-b0c7-001fd05d8c26

Error - 11.12.2012 06:13:23 | Computer Name = Michi-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Skype C2C Service" konnte nicht heruntergefahren werden.
Error - 11.12.2012 06:13:40 | Computer Name = Michi-PC | Source = MsiInstaller | ID = 11609
Description = 

Error - 11.12.2012 07:36:21 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der Computer wird heruntergefahren. .

Error - 11.12.2012 07:51:00 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IsoPuzzle.exe, Version: 1.0.0.1, Zeitstempel: 0x478bece0 Name des fehlerhaften Moduls: IsoPuzzle.exe, Version: 1.0.0.1, Zeitstempel: 0x478bece0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001c0d ID des fehlerhaften Prozesses: 0x1218 Startzeit der fehlerhaften Anwendung: 0x01cdd795c5dbbe40 Pfad der fehlerhaften Anwendung: C:\Users\Michi\AppData\Local\Temp\Rar$EXa0.769\IsoPuzzle.exe Pfad des fehlerhaften Moduls: C:\Users\Michi\AppData\Local\Temp\Rar$EXa0.769\IsoPuzzle.exe Berichtskennung: 07f8b300-4389-11e2-a795-001fd05d8c26

Error - 11.12.2012 07:51:42 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IsoPuzzle.exe, Version: 1.0.0.1, Zeitstempel: 0x478bece0 Name des fehlerhaften Moduls: IsoPuzzle.exe, Version: 1.0.0.1, Zeitstempel: 0x478bece0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001c0d ID des fehlerhaften Prozesses: 0x724 Startzeit der fehlerhaften Anwendung: 0x01cdd795dec4ba10 Pfad der fehlerhaften Anwendung: C:\Users\Michi\Desktop\isopuzzle\IsoPuzzle.exe Pfad des fehlerhaften Moduls: C:\Users\Michi\Desktop\isopuzzle\IsoPuzzle.exe Berichtskennung: 20bfde90-4389-11e2-a795-001fd05d8c26

Error - 11.12.2012 14:34:18 | Computer Name = Michi-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Michi\Downloads\SoftonicDownloader_fuer_irfanview.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 12.12.2012 13:42:06 | Computer Name = Michi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avgui.exe, Version: 13.0.0.2792, Zeitstempel: 0x50993af1 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.1, Zeitstempel: 0x4d5f0c22 Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften Prozesses: 0xc34 Startzeit der fehlerhaften Anwendung: 0x01cdd888e801bdb4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\AVG\AVG2013\avgui.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll Berichtskennung: 3e924aac-4483-11e2-a09d-001fd05d8c26

Error - 13.12.2012 15:57:56 | Computer Name = Michi-PC | Source = Application Hang | ID = 1002
Description = Programm SpybotSD.exe, Version 1.6.2.46 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 123c Startzeit: 01cdd96c124b3350 Endzeit: 94 Anwendungspfad: C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe Berichts-ID: 5bfab1b1-455f-11e2-99e9-001fd05d8c26

[ System Events ]
Error - 13.12.2012 17:40:05 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 13.12.2012 17:42:03 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Ad-Aware" wurde nicht richtig gestartet.

Error - 13.12.2012 17:42:55 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 13.12.2012 17:42:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 13.12.2012 17:43:19 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error - 14.12.2012 16:07:09 | Computer Name = Michi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.12.2012 um 22:43:30 unerwartet heruntergefahren.

Error - 14.12.2012 16:07:21 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 14.12.2012 16:07:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SBSD Security Center Service erreicht.
Error - 14.12.2012 16:07:56 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SBSD Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 14.12.2012 16:07:58 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

< End of report >

Last edited by Ilithrien (14.12.2012 at 23:03)