Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.01.2012, 20:44   #1
hist
 
Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData" - Standard

Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData"



Hallo zusammen,

bei mir kommt seit längerer Zeit als Startseite ständig eine Seite namens smaxxi.biz oder smaxi.net, die mit russischen Zeichen voll is. Startseite neu einstellen bringt nichts, ist trotzdem jedesmal diese russische.

Dazu ist mir unter Eigene Datein ein Ordner namens Appdata aufgefallen, der sich 1. nicht löschen lässt, 2. verdammt groß is, 3. Unterordner namens roaming usw hat (was für mir sehr auffälig erscheint und 4. wurde beim Virenscan mit AVG festgestellt dass dieser Trojaner beiinhaltet und zwar:

Trojaner: Downloader.Generic12.AOMS
Trojaner: Generic25.CBJH

AVG teilt mir zwar mit er hätte diese in die Virenquarantäne verschoben, aber mein Problem bleibt.

Und seit neuestem stürzt Firefox ständig ab und einige Seiten lasse sich nicht mehr normal anzeigen.

hier mal meine OTL Files:

Code:
ATTFilter
OTL logfile created on: 18.01.2012 21:17:13 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\BigBoss\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,43% Memory free
6,00 Gb Paging File | 4,36 Gb Available in Paging File | 72,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 256,65 Gb Free Space | 56,57% Space Free | Partition Type: NTFS
Drive K: | 372,61 Gb Total Space | 156,41 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
 
Computer Name: WOLF-PC | User Name: BigBoss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.01.18 21:00:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BigBoss\Desktop\OTL.exe
PRC - [2011.12.03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011.11.10 10:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.07.11 22:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.03.15 17:02:16 | 000,011,776 | ---- | M] (Ai Squared ) -- C:\Program Files (x86)\ZoomText 9.1\ZoomTextHelperService.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.04 13:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.04 13:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.08.04 10:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2007.05.23 19:29:36 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2012.01.09 17:23:37 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.03.15 17:02:16 | 000,011,776 | ---- | M] (Ai Squared ) [Auto | Running] -- C:\Program Files (x86)\ZoomText 9.1\ZoomTextHelperService.exe -- (ZoomText Helper Service)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.14 12:26:23 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011.09.13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.08.08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.07.11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.07.11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.07.11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.26 10:04:14 | 000,012,872 | ---- | M] (Ai Squared ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Ai2Chroniker.sys -- (Ai2Chroniker)
DRV:64bit: - [2011.01.26 10:04:14 | 000,011,848 | ---- | M] (Ai Squared ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ai2Mmpd.sys -- (Ai2Mmpd)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.01.28 15:25:02 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.22 15:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2007.05.17 23:01:30 | 000,027,904 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV - [2011.12.12 19:31:38 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://emachines.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.smaxxi.biz
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.smaxxi.biz
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.smaxxi.biz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.smaxxi.biz
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.smaxxi.biz"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.07 15:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.18 10:47:43 | 000,000,000 | ---D | M]
 
[2011.04.09 13:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigBoss\AppData\Roaming\mozilla\Extensions
[2012.01.06 14:22:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BigBoss\AppData\Roaming\mozilla\Firefox\Profiles\1aqrj32g.default\extensions
[2011.04.13 11:41:37 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\BigBoss\AppData\Roaming\mozilla\Firefox\Profiles\1aqrj32g.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011.04.09 14:02:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\BigBoss\AppData\Roaming\mozilla\Firefox\Profiles\1aqrj32g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.17 08:46:50 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\BigBoss\AppData\Roaming\mozilla\Firefox\Profiles\1aqrj32g.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.04 13:10:29 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\BigBoss\AppData\Roaming\mozilla\Firefox\Profiles\1aqrj32g.default\extensions\welcome@toolmin.com
[2012.01.08 13:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\BIGBOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AQRJ32G.DEFAULT\EXTENSIONS\{9D1F059C-CADA-4111-9696-41A62D64E3BA}.XPI
() (No name found) -- C:\USERS\BIGBOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AQRJ32G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BIGBOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AQRJ32G.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
() (No name found) -- C:\USERS\BIGBOSS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AQRJ32G.DEFAULT\EXTENSIONS\TRACKMENOT@MRL.NYU.EDU.XPI
[2012.01.07 15:29:25 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.05.07 11:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 11:22:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.07 11:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 11:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.04 13:10:29 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011.05.07 11:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 11:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\BigBoss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\BigBoss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\BigBoss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\BigBoss\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B109709-8829-47C5-B99E-2194D89F8B54}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79EC305-F3B8-41DB-B890-A5FF0E9F4B30}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.18 21:00:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\BigBoss\Desktop\OTL.exe
[2012.01.18 20:30:09 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.01.18 20:30:08 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.01.18 20:30:07 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.01.18 20:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.01.18 20:29:50 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\AppData\Roaming\TuneUp Software
[2012.01.18 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.01.18 20:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.01.18 20:28:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.01.18 19:31:05 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\AppData\Local\Opera
[2012.01.18 18:42:57 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\AppData\Local\ElevatedDiagnostics
[2012.01.18 18:17:02 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\Documents\Simply Super Software
[2012.01.18 18:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.01.18 18:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.01.18 18:16:39 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\AppData\Roaming\Simply Super Software
[2012.01.18 18:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.01.18 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.01.18 12:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.01.18 11:28:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.01.18 11:02:28 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\AppData\Roaming\AVG2012
[2012.01.18 10:55:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.01.18 10:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012.01.18 10:54:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.01.18 10:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.01.18 10:54:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.01.18 10:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.01.18 10:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.01.14 12:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.01.14 12:26:23 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.01.14 12:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.01.11 11:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CrypKey
[2012.01.11 01:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoomText 9.1
[2012.01.11 01:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VW
[2012.01.11 01:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViaVoiceTTS
[2012.01.11 01:04:03 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2012.01.11 01:04:03 | 000,122,880 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\SysNative\Crypserv.exe
[2012.01.11 01:03:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Ai Squared
[2012.01.11 01:03:33 | 000,053,248 | ---- | C] (Freedom Scientific, Inc.) -- C:\Windows\SysWow64\bypass_jfwvid.dll
[2012.01.11 01:03:31 | 000,167,936 | ---- | C] (Ai Squared ) -- C:\Windows\SysWow64\Ai2XOR.dll
[2012.01.11 01:03:31 | 000,129,608 | ---- | C] (Ai Squared ) -- C:\Windows\SysNative\Ai2Mdd.dll
[2012.01.11 01:03:31 | 000,058,368 | ---- | C] (Ai Squared ) -- C:\Windows\SysWow64\Ai2d91.dll
[2012.01.11 01:03:31 | 000,016,968 | ---- | C] (Ai Squared ) -- C:\Windows\SysNative\Ai2V.sys
[2012.01.11 01:03:31 | 000,015,872 | ---- | C] (Ai Squared ) -- C:\Windows\SysWow64\Ai2Ldr.dll
[2012.01.11 01:03:31 | 000,012,872 | ---- | C] (Ai Squared ) -- C:\Windows\SysNative\drivers\Ai2Chroniker.sys
[2012.01.11 01:03:31 | 000,011,848 | ---- | C] (Ai Squared ) -- C:\Windows\SysNative\drivers\Ai2Mmpd.sys
[2012.01.11 01:03:31 | 000,007,680 | ---- | C] (Ai Squared ) -- C:\Windows\SysWow64\drivers\Ai2sXP.sys
[2012.01.11 01:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoomText 9.1
[2012.01.09 17:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.01.09 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.01.09 17:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2012.01.09 17:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2012.01.09 17:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2012.01.06 15:47:38 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012.01.06 15:45:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.06 15:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.01.06 15:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012.01.06 14:36:13 | 000,000,000 | ---D | C] -- C:\Users\BigBoss\a
[2012.01.03 16:20:24 | 000,000,000 | ---D | C] -- C:\a
[2011.12.21 23:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.18 21:00:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\BigBoss\Desktop\OTL.exe
[2012.01.18 20:59:37 | 001,535,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.18 20:59:37 | 000,667,190 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.18 20:59:37 | 000,627,372 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.18 20:59:37 | 000,136,000 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.18 20:59:37 | 000,111,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.18 20:40:48 | 000,000,000 | ---- | M] () -- C:\Users\BigBoss\defogger_reenable
[2012.01.18 20:30:05 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.18 20:30:05 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.01.18 18:54:39 | 086,971,166 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.01.18 18:26:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 18:26:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.18 18:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.18 18:18:46 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.18 12:19:29 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.18 12:19:15 | 001,557,486 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.18 10:55:00 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.01.18 10:54:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.01.18 10:54:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.01.18 10:47:43 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.14 12:29:59 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.01.14 12:26:23 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.01.11 23:48:36 | 000,002,240 | ---- | M] () -- C:\Windows\SysNative\esnecil.ind
[2012.01.11 23:48:36 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat
[2012.01.11 01:04:51 | 000,000,020 | ---- | M] () -- C:\Windows\TestSupp.ini
[2012.01.11 01:04:50 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\ZoomText 9.1 Trial.lnk
[2012.01.11 01:04:11 | 000,000,052 | ---- | M] () -- C:\Windows\Crypkey.ini
[2012.01.06 15:47:17 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.12.21 23:52:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.18 20:40:48 | 000,000,000 | ---- | C] () -- C:\Users\BigBoss\defogger_reenable
[2012.01.18 20:30:05 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.01.18 20:30:05 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.01.18 20:30:04 | 000,002,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.01.18 18:54:39 | 086,971,166 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.01.18 18:16:46 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2012.01.18 18:16:46 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.01.18 18:16:46 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2012.01.18 18:16:46 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.01.18 12:19:29 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.01.18 12:19:05 | 000,001,906 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.18 10:55:00 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.01.18 10:54:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.01.18 10:54:59 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.01.14 12:29:59 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.01.11 11:27:11 | 000,002,240 | ---- | C] () -- C:\Windows\SysNative\esnecil.ind
[2012.01.11 11:27:11 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2012.01.11 01:04:50 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\ZoomText 9.1 Trial.lnk
[2012.01.11 01:04:11 | 000,000,052 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012.01.11 01:04:03 | 000,027,904 | ---- | C] () -- C:\Windows\SysNative\Ckldrv.sys
[2012.01.11 01:04:03 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2012.01.11 01:04:03 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012.01.11 01:04:03 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2012.01.11 01:03:31 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\ai2drv.dat
[2012.01.11 01:00:21 | 000,000,020 | ---- | C] () -- C:\Windows\TestSupp.ini
[2011.07.26 22:05:10 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011.07.26 22:05:08 | 001,202,763 | ---- | C] () -- C:\Windows\unins002.exe
[2011.07.26 22:05:08 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2011.07.26 22:05:08 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2011.07.26 22:05:08 | 000,012,744 | ---- | C] () -- C:\Windows\unins002.dat
[2011.07.26 22:04:58 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2011.07.26 22:04:58 | 000,007,959 | ---- | C] () -- C:\Windows\unins001.dat
[2011.07.26 22:04:42 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.26 22:04:42 | 000,011,837 | ---- | C] () -- C:\Windows\unins000.dat
[2011.05.09 11:00:37 | 001,557,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.04 16:02:11 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.05.04 16:02:11 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.05.04 16:02:11 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.05.04 16:02:11 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.05.04 16:02:11 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.05.04 16:02:11 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.05.04 16:02:11 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.05.04 16:02:11 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.05.04 16:02:11 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.05.04 16:02:11 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.05.04 16:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.05.04 16:02:11 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.05.04 16:02:11 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.05.04 16:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.05.04 16:02:11 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.05.04 16:02:11 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.05.04 16:02:11 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.05.04 16:02:11 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.05.04 16:02:11 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.05.04 15:47:23 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2011.04.09 13:55:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.02 04:22:02 | 001,801,048 | ---- | C] () -- C:\Windows\dsetup32.dll
[2010.06.02 04:22:02 | 000,537,432 | ---- | C] () -- C:\Windows\DXSETUP.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2012.01.18 11:02:28 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\AVG2012
[2012.01.14 15:51:06 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\DAEMON Tools Lite
[2011.12.13 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\DVDVideoSoft
[2011.08.05 19:12:25 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.06 13:13:06 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\EPSON
[2011.07.06 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\FloodLightGames
[2011.07.26 22:11:21 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\LucasArts
[2011.04.08 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\OEM
[2011.04.13 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\Opera
[2011.07.26 02:57:06 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\ScummVM
[2012.01.18 18:16:39 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\Simply Super Software
[2012.01.18 18:17:38 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\SoftGrid Client
[2011.06.20 17:06:33 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\Tific
[2012.01.18 12:02:37 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\toolplugin
[2011.05.09 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\TP
[2012.01.18 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\TuneUp Software
[2012.01.18 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\BigBoss\AppData\Roaming\xarchive
[2011.12.20 10:28:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BF14D50A

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 18.01.2012 21:05:30 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\BigBoss\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 42,05% Memory free
6,00 Gb Paging File | 4,02 Gb Available in Paging File | 67,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 256,64 Gb Free Space | 56,57% Space Free | Partition Type: NTFS
Drive K: | 372,61 Gb Total Space | 156,41 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
 
Computer Name: WOLF-PC | User Name: BigBoss | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0d106b0b-aa4a-453d-88d8-312b4046b4d1}" = Nero 9 Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34A5E174-93FD-496D-8073-13F63128AED6}" = ZoomText 9.1
"{3972C18C-688F-4312-BE9A-3E065204C33D}" = IBM ViaVoice TTS Runtime v6.610 -  UK English
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69C5C392-512C-4AC5-B29A-4B698A69E465}" = Ai Squared Visual C++ Runtime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A04A06C8-DFAE-4ADB-93D4-8AD0A9260FE6}" = Ai Squared Visual C++ MFC Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1A6B23C-438E-4D08-B508-4E830CA8F335}" = IBM ViaVoice TTS Runtime v6.610 -  US English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D9140B72-FD9A-4650-8A24-03AC9827AAB8}" = Ai Squared Visual C++ Runtime
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD0C9330-E89A-4520-9A47-FE01366D5633}" = IBM ViaVoice TTS Runtime v6.610 -  Deutsch
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.5
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"Hotkey Utility" = Hotkey Utility
"LucasArts" = LucasArts
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"ScummVM_is1" = ScummVM 1.3.1
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"WildTangent emachines Master Uninstall" = eMachines Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"WT088147" = Agatha Christie - Death on the Nile
"WT088155" = Bejeweled 2 Deluxe
"WT088159" = Build-a-lot 2
"WT088166" = Chuzzle Deluxe
"WT088175" = Diner Dash 2 Restaurant Rescue
"WT088181" = Farm Frenzy
"WT088189" = Insaniquarium Deluxe
"WT088194" = Jewel Quest Solitaire 2
"WT088203" = Plants vs. Zombies
"WT088215" = Zuma Deluxe
"WT088414" = FATE
"WT088418" = Final Drive Nitro
"WT088446" = John Deere Drive Green
"WT088450" = Penguins!
"WT088454" = Polar Bowler
"WT088458" = Polar Golfer
"WT088506" = Virtual Villagers 4 - The Tree of Life
"WT088521" = Zuma's Revenge
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.01.2012 13:18:09 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.01.2012 13:19:04 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 06.01.2012 10:47:50 | Computer Name = wolf-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 07.01.2012 10:31:29 | Computer Name = wolf-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 07.01.2012 15:46:33 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 07.01.2012 15:47:13 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 09.01.2012 13:32:20 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 09.01.2012 13:33:15 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 10.01.2012 08:33:13 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.01.2012 08:34:07 | Computer Name = wolf-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 29.09.2011 15:54:28 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 29.09.2011 15:54:28 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 29.09.2011 15:54:29 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 29.09.2011 15:54:29 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 29.09.2011 17:06:22 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 29.09.2011 17:06:23 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 29.09.2011 17:06:23 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 01.10.2011 16:11:52 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 01.10.2011 16:11:53 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
Error - 01.10.2011 16:11:54 | Computer Name = wolf-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
 
 
< End of report >
         

Alt 20.01.2012, 12:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData" - Standard

Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData"



Zitat:
Trojaner: Downloader.Generic12.AOMS
Trojaner: Generic25.CBJH

AVG teilt mir zwar mit er hätte diese in die Virenquarantäne verschoben, aber mein Problem bleibt.
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.
__________________

__________________

Antwort

Themen zu Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData"
7-zip, ad-aware, alternate, autorun, avg, converter, diner dash, error, explorer, fehler, firefox, flash player, format, home, install.exe, jdownloader, logfile, microsoft .net framework 1.1 sp1, microsoft office starter 2010, microsoft security, mp3, nvidia, problem, realtek, registry, richtlinie, rundll, scan, search the web, security, seiten, software, studio, super, symantec, trojaner, version=1.0, virenquarantäne, visual studio, webcheck, windows



Ähnliche Themen: Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData"


  1. Plötzlich Software "picexa.exe" installiert, "delta-homes.com" als Startseite in sämtlichen Browsern
    Log-Analyse und Auswertung - 10.04.2015 (11)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Windows7: Datei "dwm.exe" im Ordner "iswizard05" lässt sich nicht löschen
    Log-Analyse und Auswertung - 20.02.2014 (19)
  4. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  5. "JS: pdfka-gen [Expl]" in "C:\Users\***\AppData\Local\Temp\plugtmp-44\plugin-dare.php"
    Log-Analyse und Auswertung - 19.03.2013 (13)
  6. Ordner wie "Anwendungsdaten" oder "Lokale Einstellungen" werden im Explorer nicht angezeigt
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (5)
  7. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  8. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  9. Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden
    Log-Analyse und Auswertung - 02.04.2012 (28)
  10. "Trojan-Spy.Win32.Zbot.dnei" in "C:\Users\Default.Default-PC\AppData\Roaming"
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  11. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  12. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  13. Auf einmal der Ordner "._Revolution_" im Appdata
    Log-Analyse und Auswertung - 31.08.2010 (0)
  14. TR/Agent.ruo im Ordner "windows/system32" in der Datei "d3stez.dll"
    Plagegeister aller Art und deren Bekämpfung - 27.03.2010 (1)
  15. "TR/Dropper.Gen" wütet im "Eigene Dateien"-Ordner, Hijackthis bitte auswerten!
    Log-Analyse und Auswertung - 10.09.2009 (9)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData" - Hallo zusammen, bei mir kommt seit längerer Zeit als Startseite ständig eine Seite namens smaxxi.biz oder smaxi.net, die mit russischen Zeichen voll is. Startseite neu einstellen bringt nichts, ist trotzdem - Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData"...
Archiv
Du betrachtest: Startseite "smaxxi.net, smaxi.biz" und seltsamer großer Ordner "AppData" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.