Taraxacum | 06.08.2012 16:37 | "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland ... " -Blockade Nach Surfen im Internet erschien heute ein Popup, das sich nicht mehr schließen lässt mit dem Titel "Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland ..." Konnte nur nach Abmeldung des Users und Anmeldung eines neuen Users weiterarbeiten.
Ich habe mit Malwarbites und OTL gescannt. Malwarebites meldet keine Infektion.
Kann mir jemand helfen? Das wäre toll, viele Grüße.
OTL Logfile: Code:
OTL Extras logfile created on: 06.08.2012 16:43:14 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Paul\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,40% Memory free
6,00 Gb Paging File | 4,25 Gb Available in Paging File | 70,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,53 Gb Total Space | 24,91 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 778,67 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)
[HKEY_USERS\S-1-5-21-2947040781-3747238007-1981394812-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17F9C049-059A-4AB4-A23D-5D31C5C541A4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2036B751-359A-49A3-8D01-42A2540D5A4F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2883C7AA-ADC2-4485-8959-26E88EE1D41F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3B0F423E-8022-4489-A5CC-F0C5A7C5498D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{43F87DAB-AE2F-487E-8269-3403B5783412}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45AD6DBB-61D1-40E7-8942-84CDB7118A5F}" = lport=138 | protocol=17 | dir=in | app=system |
"{495ACE64-7673-4F13-B3B6-9A57F2826E0D}" = rport=137 | protocol=17 | dir=out | app=system |
"{4C8B4DFD-683B-4849-AE2A-A0FEE6E908AB}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E00DB9B-0430-490D-A28D-2B24131B5EA5}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{58E75671-7002-468D-BB01-141AF20603B7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{623AD2A6-4ACF-44DD-B25B-164E7E9FAF77}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6C46062D-49A3-41D3-85F1-2F074403D359}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72A4A95A-100E-4252-9276-406FBC391E89}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7ACED91A-2DCB-459F-AA3F-2A3FE5C86FD2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8D3BBC95-CE2E-4DE3-BFD0-C2A00ED2F27E}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F06999F-FF66-46A9-9DC6-0400678A90BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92F556E9-BC74-4192-BA9E-3C7B6FDDACB0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A93BF62B-5381-46C4-9324-29AB81FB170F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AF12E6A0-2874-4874-8BC4-ADF9FBBB5672}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5415F90-8E4B-44F3-8EE6-E4BF318DB887}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF047A2F-5BF0-431E-ACB3-A317AC66811E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BF3F48A0-8013-41CF-9B90-16548356EB5C}" = lport=139 | protocol=6 | dir=in | app=system |
"{CC71F526-0DD1-45CD-97C9-76D7CC817FF0}" = lport=137 | protocol=17 | dir=in | app=system |
"{D098AFF5-9EF1-40EF-9E2D-F97CC7D8ADD5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D23E3716-22EB-470D-AF90-B7AC7DD0FE62}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9200979-0CAF-4D9B-846E-64FBBA6582B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBCEB42C-23FB-47F2-B8C5-5A7139FC8356}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DF685E1F-29AA-4883-A27D-5FE4F36D7A9D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E31B1F0C-5CB5-4B1F-9EA9-FF6A7DB8439C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EE085C10-7BF4-4270-A0CA-B5D43F3CA9C2}" = rport=138 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BEE82A-883D-4353-9109-D30C74D4E490}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{094B61C8-E01A-4368-B725-41977D11BB07}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D64C316-6BA8-47F0-9191-D6F2A00E8FBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{0DDE2551-5CD9-460F-BCBB-8D587C1B0C11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1310F797-9083-425F-BB9B-FFA32FC4B903}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{14921E7C-9494-4B61-80D8-2199649430AD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1B74A13F-C6A5-4A7C-8A16-68CAFC3EBA42}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1BB8C75A-C885-4196-A130-71F865580ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E238553-1E33-4C70-84E6-65EE7945FDC2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{27233E54-7A84-4614-BAF5-D95CF9105C60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31FA873B-0BF1-4630-9BF0-937F1DE3A986}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{422F0D22-4CFE-4CB4-8C4A-6E4D782B5E70}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4B314B20-5E25-4039-8B3B-B12B86962441}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{50B6CC4D-3A74-4575-9D57-2092486E272C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B78C39A-855C-4EBE-A60E-29E8CAE0F5ED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6BDC93DF-EB8A-4FFC-81B1-C8A3EF3E4413}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8582F36F-4647-43E3-A8B0-166923871623}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{90E79D63-91F8-437D-A31B-3593DE4F34D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F7638A-9C26-4630-A2E1-530633D36911}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9AA5BD74-E557-44DD-B152-CC72CBFB3C59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B2AF386-10A6-4DED-B9C2-C018B6D9EF66}" = protocol=6 | dir=out | app=system |
"{9C394EBB-D3AC-42AF-9ED2-A596038108AA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{9DA2DC45-2282-4B89-8C37-81A2CF15E00C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9E0FF61C-7A77-4293-92CB-09DA0F27497E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A0F93739-2912-4BAC-B8E7-A82EEE64E6F2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ABC58112-475B-440A-B13C-AFEF010A7D6A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACA70A44-7F1F-450F-9E18-420640FFBD69}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AF1E3B08-B073-46E9-A76B-FF5B115813BE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B26B907E-66CE-4F91-B2BD-0DBB61016902}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C91289BC-337F-4E2B-A51A-BC50897589C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D3B5D00E-DD21-44C8-9117-28BE671762FF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D3C95E92-B843-4B9C-88C7-79E3717AE7DA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D6B64F49-4C84-4784-AE35-D58FC998BB18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D7250E2E-8BDF-4D60-AD49-E667ED29F625}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{DAD2DB24-A993-4052-B75C-8E6BD0EBAC7B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DC1CC783-42AB-4F18-8F1E-C5AB4DAACE58}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{ED464D28-306B-4222-9A2A-1BC32ACD80BD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0A88D0F-1EB7-4560-9574-79198A1B26EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F257BB4D-3CD1-4C21-8DD2-DBA7373BF836}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB3F5B96-4157-41A6-8921-86582CE7150C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FDDFA12E-4E22-4B40-8823-A728BB297061}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0F61A572-0B09-45FF-B5FF-20EFB221FF32}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{2C1FFED7-EB85-49F5-9C68-2B1C26855223}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"UDP Query User{6368D42B-BFA9-4A59-B403-9892CA27AF36}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D7AC5535-808D-4290-A0EF-22BC0B4CCB82}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series" = Canon MP640 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A4D58206-7E8F-41F2-BD94-85009F3AEA28}" = NWZ-E460 WALKMAN Guide
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArcGIS Desktop" = ArcGIS Desktop
"AVG" = AVG 2012
"Canon MP640 series Benutzerregistrierung" = Canon MP640 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ElsterFormular 13.0.0.8086k" = ElsterFormular
"Kyocera Product Library" = Kyocera Product Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (3.1.8)" = Mozilla Thunderbird (3.1.8)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PROR" = Microsoft Office Professional 2007
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"RealPlayer 15.0" = RealPlayer
"SigmaPlot 6.00" = SigmaPlot 6.00
"Synchredible_is1" = Synchredible v2.4
"VLC media player" = VLC media player 1.1.5
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2947040781-3747238007-1981394812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.05.2012 16:33:04 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 19.05.2012 16:33:23 | Computer Name = user-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 08.06.2012 16:30:51 | Computer Name = user-PC | Source = MsiInstaller | ID = 11706
Description =
Error - 17.07.2012 14:10:18 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
Version: 11.3.300.265, Zeitstempel: 0x4febd5ac Name des fehlerhaften Moduls: nvd3dum.dll,
Version: 8.17.12.5721, Zeitstempel: 0x4c0d6f2f Ausnahmecode: 0xc0000005 Fehleroffset:
0x00351943 ID des fehlerhaften Prozesses: 0x151c Startzeit der fehlerhaften Anwendung:
0x01cd644754bb3601 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll Berichtskennung: aa0088ee-d03a-11e1-b1be-002421db202d
Error - 23.07.2012 01:30:01 | Computer Name = user-PC | Source = WcesComm | ID = 2
Description = Rapimgr(0x80070776)-Fehler beim Starten des Diensts für Windows Mobile
2003-Geräteverbindungen. (Die Daten enthalten den Fehlercode.)
Error - 31.07.2012 16:45:03 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514,
Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.17.12.5721,
Zeitstempel: 0x4c0d6f2f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00351943 ID des fehlerhaften
Prozesses: 0x60c Startzeit der fehlerhaften Anwendung: 0x01cd6f5d5b89fbbf Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll Berichtskennung: 99fff13a-db50-11e1-87b5-002421db202d
Error - 31.07.2012 17:20:57 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3b7e Name des fehlerhaften Moduls: rjm4pln.dll, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3bb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005846 ID des fehlerhaften
Prozesses: 0x15dc Startzeit der fehlerhaften Anwendung: 0x01cd6f616a6415be Pfad der
fehlerhaften Anwendung: c:\program files\real\realplayer\RecordingManager.exe Pfad
des fehlerhaften Moduls: c:\program files\real\realplayer\mpaplugins\rjm4pln.dll
Berichtskennung:
9de474d8-db55-11e1-87b5-002421db202d
Error - 31.07.2012 17:29:19 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3b7e Name des fehlerhaften Moduls: rjm4pln.dll, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3bb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005846 ID des fehlerhaften
Prozesses: 0x115c Startzeit der fehlerhaften Anwendung: 0x01cd6f6290f1c8ea Pfad der
fehlerhaften Anwendung: c:\program files\real\realplayer\RecordingManager.exe Pfad
des fehlerhaften Moduls: c:\program files\real\realplayer\mpaplugins\rjm4pln.dll
Berichtskennung:
c9169e4a-db56-11e1-87b5-002421db202d
Error - 31.07.2012 17:29:25 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3b7e Name des fehlerhaften Moduls: rjm4pln.dll, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3bb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005846 ID des fehlerhaften
Prozesses: 0x154c Startzeit der fehlerhaften Anwendung: 0x01cd6f638e095777 Pfad der
fehlerhaften Anwendung: c:\program files\real\realplayer\RecordingManager.exe Pfad
des fehlerhaften Moduls: c:\program files\real\realplayer\mpaplugins\rjm4pln.dll
Berichtskennung:
cc8298af-db56-11e1-87b5-002421db202d
Error - 31.07.2012 17:38:31 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RecordingManager.exe, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3b7e Name des fehlerhaften Moduls: rjm4pln.dll, Version: 15.0.4.53,
Zeitstempel: 0x4f9f3bb9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005846 ID des fehlerhaften
Prozesses: 0x1338 Startzeit der fehlerhaften Anwendung: 0x01cd6f63a05e7714 Pfad der
fehlerhaften Anwendung: c:\program files\real\realplayer\RecordingManager.exe Pfad
des fehlerhaften Moduls: c:\program files\real\realplayer\mpaplugins\rjm4pln.dll
Berichtskennung:
121b60d1-db58-11e1-87b5-002421db202d
[ OSession Events ]
Error - 05.09.2011 11:35:09 | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28168
seconds with 1860 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01.08.2012 05:32:42 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 01.08.2012 09:58:46 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 02.08.2012 14:17:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 03.08.2012 04:18:36 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 03.08.2012 09:06:26 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 03.08.2012 09:38:17 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 05.08.2012 05:53:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 06.08.2012 02:07:23 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 06.08.2012 03:29:43 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
Error - 06.08.2012 09:10:16 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
mxmoqaov
< End of report > --- --- ---
OTL Logfile: Code:
OTL logfile created on: 06.08.2012 16:43:14 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Paul\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,40% Memory free
6,00 Gb Paging File | 4,25 Gb Available in Paging File | 70,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,53 Gb Total Space | 24,91 Gb Free Space | 41,84% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 778,67 Gb Free Space | 83,59% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe ()
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (mxmoqaov) -- System32\drivers\xsgevamq.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F51DC8F7-F2DF-4C74-A70B-F02C612EB4DB}&mid=5e8f9187164b47d6bee3d16d673fc9de-3a58832084baf1869c54c01430096f40781caa38&lang=de&ds=AVG&pr=fr&d=2012-05-30 22:20:03&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 39 40 7D D5 73 CD 01 [binary data]
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={F51DC8F7-F2DF-4C74-A70B-F02C612EB4DB}&mid=5e8f9187164b47d6bee3d16d673fc9de-3a58832084baf1869c54c01430096f40781caa38&lang=de&ds=AVG&pr=fr&d=2012-05-30 22:20:03&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.wikipedia.org/"
FF - prefs.js..extensions.enabledItems: avg@igeared:7.008.031.001
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B7d23bb8c-4ff7-4da8-b304-546fcc1bd72b%7D&mid=5e8f9187164b47d6bee3d16d673fc9de-3a58832084baf1869c54c01430096f40781caa38&ds=AVG&v=11.0.0.9&lang=de&pr=fr&d=2011-12-13%2019%3A40%3A37&sap=ku&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 09:52:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.07 00:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 22:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.07 00:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:08:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 09:26:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.20 08:29:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.07 00:38:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011.01.14 23:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.05.08 22:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6m8ohirn.default\extensions
[2012.06.22 09:26:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.03 09:08:51 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.07.09 22:07:57 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
[2012.06.22 09:26:13 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.07 00:37:58 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.22 09:26:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 22:07:54 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.22 09:26:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.22 09:26:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.22 09:26:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.22 09:26:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.22 09:26:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-2947040781-3747238007-1981394812-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-2947040781-3747238007-1981394812-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 192.168.123.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BE5EA60-C9DA-4F9A-895D-FCA55050E5F5}: DhcpNameServer = 195.50.140.116 192.168.123.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.06 09:31:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2012.07.17 09:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.11 09:45:49 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 09:45:06 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.11 09:44:51 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 09:44:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.06 16:19:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 16:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 15:43:17 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 15:17:18 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 15:17:18 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 15:14:26 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.06 15:14:26 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.06 15:14:26 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.06 15:14:26 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.06 15:10:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 15:10:09 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 08:10:43 | 103,057,728 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.08.03 16:03:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.03 16:03:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.29 08:09:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.17 09:52:53 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.07.11 09:53:34 | 000,476,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.03.08 10:11:29 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.08 10:10:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.10 17:18:15 | 000,033,280 | ---- | C] () -- C:\Windows\System32\Sp32w.dll
[2011.02.10 17:18:13 | 000,106,512 | ---- | C] () -- C:\Windows\WKW16A.EXE
[2011.02.01 16:54:40 | 001,483,776 | ---- | C] () -- C:\Windows\Mgxrdr32.dll
[2011.02.01 16:54:38 | 000,306,688 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2011.02.01 16:54:38 | 000,095,232 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2011.02.01 16:54:37 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.02.01 16:54:26 | 000,172,544 | ---- | C] () -- C:\Windows\Mgxclean.exe
[2011.02.01 16:54:26 | 000,082,944 | ---- | C] () -- C:\Windows\System32\Ppiv20.dll
[2011.01.24 22:47:26 | 000,000,068 | ---- | C] () -- C:\Windows\KMSTMVM.ini
[2011.01.14 13:29:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
========== LOP Check ==========
[2012.08.06 15:14:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AVG2012
[2011.06.10 21:58:04 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\5017
[2012.05.30 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\AVG2012
[2011.03.31 15:51:25 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\Canon
[2011.03.09 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\CD-LabelPrint
[2011.11.02 11:43:27 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\elsterformular
[2011.03.24 22:00:18 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\ESRI
[2012.08.06 08:26:39 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\hellomoto
[2011.06.10 21:57:53 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\kock
[2011.03.24 23:03:32 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\Safe Software
[2011.01.17 23:28:18 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\Thunderbird
[2011.10.24 09:42:13 | 000,000,000 | ---D | M] -- C:\Users\Ulf\AppData\Roaming\xmldm
[2011.01.28 23:45:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ASCOMP Software
[2012.05.30 22:18:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2012
[2012.02.09 16:34:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2011.03.17 11:57:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESRI
[2012.01.21 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2012.06.18 10:03:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > --- --- ---
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.06.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Paul :: USER-PC [limited]
06.08.2012 15:45:24
mbam-log-2012-08-06 (15-45-24).txt
Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365387
Time elapsed: 23 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |