Trojaner-Board > Malware removal > Pests of all kinds and their removal

Infected? Avast reported blocking a malicious website, computer restarted

 
21.02.2013, 14:20   #1
Beagles
 
Avast reported today that it had blocked a "malicious website". Shortly afterwards all programs closed and the computer restarted, without my having initiated this in any way.
After the restart the system behaved inconspicuously.
Secunia PSI flagged a few new items that need an update (Thunderbird, Firefox, Java SDK and JRE). Before that, the only update I had been putting off for a few weeks was moving MySQL Server 5.5 to the current version.
I was surprised that, according to the Windows program list, the newest Java Runtime Environment version (7u15) was supposedly installed. I only remember installing 7u13.
Perplexed, I uninstalled and reinstalled the Java packages and updated Firefox and Thunderbird.
I doubt that Java updated itself unnoticed and then performed a restart without asking.
I am therefore very unsure whether the malware got past Avast and my system is now infected despite its inconspicuous behaviour.
Unfortunately I did not manage to disable Avast before running the scans. However, it did not seem to cause any trouble after I allowed the scan programs' activities.
I have inserted the logs. Unfortunately the gmer log was too large to post or attach. It can be found here: https://www.wetransfer.com/downloads/5d5c026d243cc868b1906fb5b801991720130221131824/582757de9498f0a0a37c4799db23719920130221131824/ade889#

OTL.txt
Code:
OTL logfile created on: 21.02.2013 13:24:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = K:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,83% Memory free
8,00 Gb Paging File | 6,48 Gb Available in Paging File | 81,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63,90 Gb Total Space | 23,83 Gb Free Space | 37,30% Space Free | Partition Type: NTFS
Drive D: | 401,76 Gb Total Space | 74,07 Gb Free Space | 18,44% Space Free | Partition Type: NTFS
Drive K: | 1,89 Gb Total Space | 0,91 Gb Free Space | 48,21% Space Free | Partition Type: FAT
 
Computer Name: MYOHO | User Name: myo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.21 13:19:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.29 10:12:24 | 009,717,760 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.13 12:12:13 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.31 15:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.15 19:06:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.10.14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.09 01:16:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.07 16:38:22 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.07.31 10:09:38 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.16 16:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.08.12 13:58:08 | 001,213,440 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010.03.31 03:10:18 | 000,450,048 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{B4B818C5-8925-43DB-90D2-81CACC85C7FA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.02 11:00:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.21 13:04:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.13 15:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 11:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.05.03 06:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\myo\AppData\Roaming\mozilla\Extensions
[2013.02.21 13:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-2OM07.exe ()
O4 - Startup: C:\Users\myo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBB6238C-3968-42D1-B7D8-DCC1F5FB7705}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.21 10:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.21 10:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.14 01:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2013.02.14 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\myo\AppData\Roaming\MySQL
[2013.02.13 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.25 11:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
[2013.01.25 11:02:26 | 000,000,000 | ---D | C] -- C:\Users\myo\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.21 13:23:20 | 000,000,168 | ---- | M] () -- C:\Users\myo\defogger_reenable
[2013.02.21 13:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 13:04:24 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.21 13:02:16 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-860810461-1551829927-3967776457-1001UA.job
[2013.02.21 13:02:16 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.21 13:01:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.21 11:01:00 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013.02.21 10:53:12 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 10:53:12 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 10:48:25 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.21 10:47:47 | 000,316,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.21 10:47:37 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 19:11:13 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-860810461-1551829927-3967776457-1001Core.job
[2013.02.14 00:22:51 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 00:22:51 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 00:22:50 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 00:22:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 00:22:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
 
========== Files Created - No Company Name ==========
 
[2013.02.21 13:23:20 | 000,000,168 | ---- | C] () -- C:\Users\myo\defogger_reenable
[2013.02.21 13:04:24 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.02.21 13:04:24 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.21 11:01:00 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.09.06 13:06:36 | 000,000,439 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.09.06 12:43:08 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.07.06 20:00:19 | 000,704,512 | ---- | C] () -- C:\Windows\is-2OM07.exe
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.06.10 17:09:48 | 000,017,408 | ---- | C] () -- C:\Users\myo\AppData\Local\WebpageIcons.db
[2012.06.04 07:53:10 | 000,000,496 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.05.09 12:53:53 | 000,000,218 | ---- | C] () -- C:\Users\myo\AppData\Local\recently-used.xbel
[2012.04.02 19:18:53 | 000,036,363 | ---- | C] () -- C:\Windows\CSTBox.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.03 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\DAEMON Tools Lite
[2012.05.09 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\inkscape
[2012.06.18 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\JAM Software
[2012.03.21 01:29:12 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\Leadertech
[2013.02.14 00:58:28 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\MySQL
[2013.01.27 04:51:43 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\Notepad++
[2012.07.23 08:10:54 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\pdfforge
[2012.05.03 06:47:03 | 000,000,000 | ---D | M] -- C:\Users\myo\AppData\Roaming\Thunderbird
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt
Code:
OTL Extras logfile created on: 21.02.2013 13:24:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = K:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,83% Memory free
8,00 Gb Paging File | 6,48 Gb Available in Paging File | 81,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 63,90 Gb Total Space | 23,83 Gb Free Space | 37,30% Space Free | Partition Type: NTFS
Drive D: | 401,76 Gb Total Space | 74,07 Gb Free Space | 18,44% Space Free | Partition Type: NTFS
Drive K: | 1,89 Gb Total Space | 0,91 Gb Free Space | 48,21% Space Free | Partition Type: FAT
 
Computer Name: MYOHO | User Name: myo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files (x86)\Git\bin\wish.exe" "C:\Program Files (x86)\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [git_gui] -- "C:\Program Files (x86)\Git\bin\wish.exe" "C:\Program Files (x86)\Git\libexec\git-core\git-gui" "--working-dir" "%1" (ActiveState Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06938BC8-EE76-42F6-828D-2C6F10D1CE84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C6BA1B6-5CE9-4923-A7A7-BF6A00E04613}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1E189597-9DA7-4748-89F0-ECC2F8A733DF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{254058D3-33D4-4F7B-A43B-36FB23252C59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32BFB75C-03F8-473C-9269-DBC2439408BE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3F8E338E-3E67-485B-9330-7DD583D7B288}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6A04C479-771A-4CE1-9566-7E01CBD62472}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6F9E40DD-2A98-49A1-A0B9-7BD2624C7FE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{71B4813A-86FA-44FF-8C6F-049F38AF3934}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7653C635-A54A-4B57-AE23-F602E4973815}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8DF00324-75ED-4C2D-8D53-47AE1A0E46C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{917F5893-52FA-4E45-84F2-3173D48887B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{95FD148D-C6BE-4B33-A526-A290621B7557}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{981508A7-9EA5-41A7-894E-64E5AC0B79E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F6084E1-6B48-47A1-8528-AD8FE28D2827}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B8C63E57-7677-4B0A-A0FF-B7BAFCA5FF0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B9C21A87-92A0-4F83-BD59-6BA6A78DDF70}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C707617C-DD7A-4BE0-A265-EC1155F24B11}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D88EBBE9-ECFA-4090-B47B-6648CE961CFB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E2464154-DB03-4AAD-A485-33B8BC9ADA98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3934032-4ABE-4646-8326-29AD8A118338}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E50B8A00-F98F-4FD3-A6DB-A9CBF2E60FFB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EDE9B2CA-2967-4EBB-BA58-CF0C9F076E0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03942A9C-2ACD-49BB-B66C-154878D6FE7A}" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"{0B21A3E9-621B-4EA2-9CDF-265DB5936D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe | 
"{0CCF373D-E3B2-4D5E-A940-DD5181FE2DC2}" = protocol=6 | dir=out | app=system | 
"{0CE8FA6D-AF7A-4A5C-8365-7F87DE686D79}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{12D9AF37-8D44-4FF2-931E-F6CC9E535F54}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{15CBF0AA-3AAF-47E6-85E9-CCEC5E7A183A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{199027E9-1F1A-4D8C-8583-99F794B074C5}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{1ECC44CE-CAA1-4BCA-AFA0-8B0AE812B099}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | 
"{1F04691B-D2B3-4BE6-BE66-A843AACF8327}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{1F259F13-B30E-42ED-B048-6490566B150D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{27A40ACC-CD68-4AC7-9D44-7B1B950901C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2BE43CB2-82F0-4EF1-9C62-43820E4AF8BF}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | 
"{2C19061D-4D7A-49C2-A57D-7A33AA774AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"{3398ADF9-E58C-49EE-AF7C-03C58A02A686}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A44280B-61E2-4563-82C7-A7E56957B5B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe | 
"{3D3E3594-7500-43DE-9936-5C7F250CF122}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{42AB3790-429D-4B68-B911-45AE0119D8CC}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{4EF3E20C-9429-4D7D-9F45-DA1D7187EC97}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{52BB1106-FE88-4987-BA7A-D9451B271EFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59A76F0D-BF9F-4644-9298-EA38F29BC9ED}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | 
"{6730804F-5782-4EC0-94EF-602149E790D6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{69D95D79-DA95-4886-8C79-0F14FA9483F2}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{6EA2E8D3-B493-4674-9232-DD82CCCC0CD8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{721AFF93-456F-4E35-9071-4CE3501110B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73624FB7-D881-47EE-B0E6-DC554B2A2CAF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{790C0760-AA19-4CD7-B838-99D900BDECBF}" = protocol=6 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe | 
"{82A0C7B2-8982-4C51-B391-314B08B4DF1B}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{8FD57D61-7796-4CB6-958C-5D35DAF14205}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{94C700D4-8902-48C6-988C-C489C3B8C4F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94FBADB4-3E16-498A-A8B8-628F225B0D89}" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"{9ADE8D28-A778-4D83-AFA4-52D921AE9090}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{9AF2BCE1-F905-43CB-8505-B61DB0A469D9}" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"{9E2B8324-9FCE-49AE-A616-7661F692EC96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A5751E2E-3D5C-4836-AA95-04689202C47C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe | 
"{AC22E04E-3B8C-4AA6-B620-8AE6557134A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B0DC1FB9-10EF-41FD-89F1-D34D1439EF77}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\dmolj\counter-strike\hl.exe | 
"{B35F826E-0F51-4BBB-B4E6-FA353AE6CAA2}" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"{BC579CC7-A10D-46DC-876F-B7AFCD7E1F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\gnucash\bin\gnucash.exe | 
"{C3343384-940C-42E8-92C6-F78FB819BE39}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C4780D0D-05D0-4FFC-A662-0B35CC7D8736}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5DBBF21-EA1C-406D-BD38-6B4F48F88213}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C897EAE1-638A-470F-BD5A-7F1FAA4A32AC}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{C97B11BA-DC35-4400-9857-44C4B005E4BE}" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"{CEEEBD38-5526-4452-99D9-17B9C2BFD3CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D2566B31-B5E5-4C5B-AB75-D480B9FA3B56}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D71E5C4E-9D2F-470D-9BB6-105671ADF4BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2877981-8ED7-429C-A9E3-282A1FA52E52}" = protocol=17 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe | 
"{E78C4CE1-1A29-4229-9CC0-9717BD7AF2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{E8386ECB-C114-4BA4-8786-D7647363064D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EAA6277A-F81E-4238-A315-5C06B8ACCEF2}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{EE4426D3-8F71-4A66-886D-5DCA07DB044E}" = protocol=6 | dir=in | app=c:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{F06FA4BF-759E-4856-B299-C5E4DBBE8F30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F9D25D19-6BC9-4D58-A2BD-C79670ADAD7B}" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
"{FF88CCD1-3B29-4132-B3E6-DA5FDF443DE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{013654B9-20F8-4BCA-9B15-12C502312C9A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{50D8E50A-8D8C-4D99-9ABC-490AFB2A5E62}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5969A7E8-BB75-4635-B6B8-9EA4D5E786BB}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | 
"TCP Query User{6AA42E09-B3A4-470C-92D6-605A1D52526F}C:\users\ho\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe | 
"TCP Query User{CD4BDB21-D35D-4073-871C-057363507D6C}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{D2AA83CC-9E53-4814-8740-986F72B37248}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{DDBD04B2-6D76-4AE1-B1EB-50A5D05FB52A}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"TCP Query User{F1C8FD9D-9F10-4A7F-8FDA-9F83BA75174C}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{FE0FEB95-FF23-44A2-A9AE-DBFCDAA639F6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{1E341514-B3C1-46B6-9384-564D2C71441E}C:\program files (x86)\x-chat 2\xchat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\x-chat 2\xchat.exe | 
"UDP Query User{21DD9B44-4687-42F5-B938-A50CCF0F3966}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"UDP Query User{27DF5E8C-F3D1-4DA7-982B-46042C9F5F66}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{3DCCAB45-2E37-467F-BD8E-393F7A6FC929}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{40D31FEC-EAC4-43D3-AD6D-3755506B1496}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{57BD31B5-ABD8-498A-AB7F-29B55BA54692}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | 
"UDP Query User{61FC1558-05A4-4A96-A9D6-57351B9AE202}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B855A610-5158-4639-ACDF-BAD552C2D8E1}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{EC6EB127-4E9B-453F-BF3D-5EE6CB93D5A0}C:\users\ho\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04D42880-78A6-43EC-BAA8-7B1D1B2BB3E7}" = MySQL Server 5.5
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5CA882E6-4BF0-4E55-B290-6C4EAD6E586E}" = MySQL Server 5.5
"{64A3A4F4-B792-11D6-A78A-00B0D0170150}" = Java SE Development Kit 7 Update 15 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.0
"LSI Soft Modem" = LSI USB 2.0 Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DFFF131-8BA6-4236-850C-7279B9C446F1}" = LibreOffice 3.5
"{13223780-8ABA-4209-88A2-AB2AF464417D}" = MySQL Workbench 5.2 CE
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.80
"{65A5E87D-7A3F-4819-807D-B86990D5F369}" = inSSIDer
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"avast" = avast! Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.8 (17/04/2012) Qt
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"foobar2000" = foobar2000 v1.1.13
"GanttProject" = GanttProject
"Git_is1" = Git version 1.7.10-preview20120409
"GnuCash_is1" = GnuCash 2.4.10
"IETester" = IETester v0.4.8 (remove only)
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.3.1
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SMPlayer" = SMPlayer 0.8.1
"Steam App 10" = Counter-Strike
"TeamViewer 7" = TeamViewer 7
"TreeSize Free_is1" = TreeSize Free V2.7
"TrueCrypt" = TrueCrypt
"X-Chat 2_is1" = X-Chat 2.8.6-2
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.10.2012 13:00:27 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.4.3365.1552,
 timestamp: 0x4fbf5043  Faulting module name: unknown, version: 0.0.0.0,
 timestamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x290b0003  Faulting
 process ID: 0x1ac4  Faulting application start time: 0x01cda8bacd89a4a8  Faulting
 application path: C:\Program Files (x86)\Google\Drive\googledrivesync.exe
 Faulting module path: unknown  Report ID: a6ea5ca6-1620-11e2-8a04-001966e11ce0
 
Error - 14.10.2012 15:11:31 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.4.3365.1552,
 timestamp: 0x4fbf5043  Faulting module name: python26.dll, version: 2.6.4150.1013,
 timestamp: 0x4ae54ea8  Exception code: 0xc0000005  Fault offset: 0x000b0005  Faulting
 process ID: 0xf30  Faulting application start time: 0x01cdaa387b9ce55c  Faulting
 application path: C:\Program Files (x86)\Google\Drive\googledrivesync.exe
 Faulting module path: C:\Users\ho\AppData\Local\Temp\_MEI33842\python26.dll  Report ID:
 f5c27938-1632-11e2-bd1a-d0d8575181e7
 
Error - 20.10.2012 01:50:37 | Computer Name = myoho | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 08.01.2013 20:42:41 | Computer Name = myoho | Source = .NET Runtime Optimization Service | ID = 1107
Description = 
 
Error - 16.01.2013 06:50:52 | Computer Name = myoho | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 16.01.2013 15:53:04 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
 timestamp: 0x4d672ee4  Faulting module name: googledrivesync64.dll, version:
 1.7.4018.3496, timestamp: 0x509c54ba  Exception code: 0xc0000005  Fault offset: 0x0000000000049981
 Faulting process ID: 0xcc0  Faulting application start time: 0x01cdee024a492659
 Faulting application path: C:\Windows\Explorer.EXE  Faulting module path:
 C:\Program Files (x86)\Google\Drive\googledrivesync64.dll  Report ID: 56d199bc-6016-11e2-b440-001966e11ce0
 
Error - 23.01.2013 13:19:15 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7601.17567,
 timestamp: 0x4d672ee4  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 timestamp: 0x4ec4aa8e  Exception code: 0xc0000374  Fault offset: 0x00000000000c40f2
 Faulting process ID: 0x1348  Faulting application start time: 0x01cdf4232a371e26
 Faulting application path: C:\Windows\explorer.exe  Faulting module path:
 C:\Windows\SYSTEM32\ntdll.dll  Report ID: 02ecfd92-6581-11e2-b440-001966e11ce0
 
Error - 13.02.2013 20:04:49 | Computer Name = myoho | Source = MySQLInstaller.ExceptionLog | ID = 0
Description = 
 
Error - 13.02.2013 20:18:43 | Computer Name = myoho | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 13.02.2013 20:18:43 | Computer Name = myoho | Source = Application Error | ID = 1000
Description = Faulting application name: MySQLWorkbench.exe, version: 5.2.40.8790,
 timestamp: 0x4fa2f938  Faulting module name: grt.dll, version: 0.0.0.0,
 timestamp: 0x4fa2e36b  Exception code: 0xc0000005  Fault offset: 0x000017d8  Faulting
 process ID: 0xd18  Faulting application start time: 0x01ce0a48d0f70c78  Faulting
 application path: C:\Program Files (x86)\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe
 Faulting module path: C:\Program Files (x86)\MySQL\MySQL Workbench 5.2 CE\grt.dll
 Report ID: 16da7266-763c-11e2-b17b-001966e11ce0
 
[ System Events ]
Error - 25.01.2013 05:55:10 | Computer Name = myoho | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance state power management features have been
 disabled due to a known firmware problem. Contact the computer manufacturer for
 updated firmware.
 
Error - 26.01.2013 13:53:33 | Computer Name = myoho | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not be grown to a user-defined limit.
 
Error - 31.01.2013 20:35:42 | Computer Name = myoho | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance state power management features have been
 disabled due to a known firmware problem. Contact the computer manufacturer for
 updated firmware.
 
Error - 03.02.2013 14:06:33 | Computer Name = myoho | Source = Service Control Manager | ID = 7011
Description = The timeout (30000 ms) was reached while waiting for a transaction response
 from the ShellHWDetection service.
 
Error - 04.02.2013 02:28:40 | Computer Name = myoho | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not be grown to a user-defined limit.
 
Error - 05.02.2013 14:37:13 | Computer Name = myoho | Source = DCOM | ID = 10005
Description = 
 
Error - 05.02.2013 14:37:12 | Computer Name = myoho | Source = Service Control Manager | ID = 7000
Description = The "Google Update Service (gupdate)" service failed to start due to the
 following error:   %%109
 
Error - 06.02.2013 04:38:19 | Computer Name = myoho | Source = bowser | ID = 8003
Description = 
 
Error - 06.02.2013 16:00:15 | Computer Name = myoho | Source = Service Control Manager | ID = 7011
Description = The timeout (30000 ms) was reached while waiting for a transaction response
 from the Netman service.
 
Error - 08.02.2013 10:35:57 | Computer Name = myoho | Source = volsnap | ID = 393252
Description = The shadow copies of volume "C:" were aborted because the shadow copy storage
 could not be grown to a user-defined limit.
 
 
< End of report >
Last edited by Beagles (21.02.2013 at 14:30)
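A reviewer working through an OTL Extras log usually wants two things out of the "Vista Active Application Exception List": which inbound allow rules point at programs in user-writable directories (a binary under a user's AppData can be replaced by any process running as that user, so the rule then admits whatever replaced it), and how many distinct copies of the same runtime hold inbound rules. Windows Firewall rules are not removed when a program is uninstalled unless the uninstaller does so, so a rule for `jre6` does not by itself mean a Java 6 runtime is still on disk; the list has to be compared with the installed-programs list. The script below is an added example, not part of the poster's log or of OTL; the sample lines are copied from the firewall list above, the list of user-writable path tokens is a heuristic assumption, and the parser handles only OTL's `"name" = key=value | key=value` line format.

```python
import re

# One OTL firewall-rule line:  "<name>" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Heuristic (assumption): path fragments that identify directories a
# standard user can write to. Adjust for the environment being reviewed.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\",
                 "%userprofile%", "%appdata%", "%temp%")

# Constructed sample: lines copied from the OTL "Vista Active Application
# Exception List" above, so the script runs offline.
SAMPLE = r'''
"{790C0760-AA19-4CD7-B838-99D900BDECBF}" = protocol=6 | dir=in | app=c:\users\ho\appdata\local\programs\opera\opera.exe | 
"{82A0C7B2-8982-4C51-B391-314B08B4DF1B}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{69D95D79-DA95-4886-8C79-0F14FA9483F2}" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"{E78C4CE1-1A29-4229-9CC0-9717BD7AF2CF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"{2C19061D-4D7A-49C2-A57D-7A33AA774AF6}" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"{0CCF373D-E3B2-4D5E-A940-DD5181FE2DC2}" = protocol=6 | dir=out | app=system | 
"{E8386ECB-C114-4BA4-8786-D7647363064D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{013654B9-20F8-4BCA-9B15-12C502312C9A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
'''


def parse_rule(line):
    """Parse one OTL rule line into a dict of lower-cased fields, or None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = {"name": m.group("name")}
    for field in m.group("body").split("|"):
        field = field.strip()
        if "=" in field:
            key, value = field.split("=", 1)
            rule[key.strip().lower()] = value.strip().lower()
    return rule


def parse_rules(text):
    """Parse every rule line in an OTL firewall section; other lines are ignored."""
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r]


def inbound_user_writable(rules):
    """Programs with an inbound allow rule that live in a user-writable directory."""
    return sorted({r["app"] for r in rules
                   if r.get("dir") == "in" and "app" in r
                   and any(tok in r["app"] for tok in USER_WRITABLE)})


def runtimes_by_basename(rules, basename="javaw.exe"):
    """Distinct paths of the given executable name that hold inbound rules."""
    return sorted({r["app"] for r in rules
                   if r.get("dir") == "in"
                   and r.get("app", "").endswith("\\" + basename)})


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    print("inbound rules for programs in user-writable paths:")
    for path in inbound_user_writable(rules):
        print("  ", path)
    print("distinct javaw.exe locations with inbound rules:")
    for path in runtimes_by_basename(rules):
        print("  ", path)
```

Feed the whole "Vista Active Application Exception List" block to `parse_rules` and compare the `javaw.exe` locations it reports against the "HKEY_LOCAL_MACHINE Uninstall List": a location with no matching installed runtime is either a stale rule to delete or a binary that was dropped outside the package manager, and the two cases are told apart by checking whether the file exists on disk.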

 





