
Pests of all kinds and how to combat them: Remove JDownloader 2, mysearchdial hijack and Online Games shortcut?


 
19.07.2013, 12:11   #1
MrMr
 

Hi,
I had to install JDownloader 2 and at the same time picked up the mysearchdial hijack and the Online Games shortcut (Online Games mysearchdials). When I tried to uninstall JDownloader 2, this error message came up:
Quote:
Exception:

java.io.FileNotFoundException: C:\Users\***\AppData\Local\JDownloader v2.0\cfg\versioninfo\JDU\filelist.txt (Das System kann den angegebenen Pfad nicht finden)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at org.appwork.updatesys.client.FileList.walk(FileList.java:349)
at org.appwork.install4j.updatesys.Webinstaller.uninstallByID(Webinstaller.java:746)
at org.appwork.install4j.updatesys.Webinstaller.uninstall(Webinstaller.java:655)
at com.install4j.runtime.installer.UninstallerContextImpl$2.fetchValue(Unknown Source)
at com.install4j.runtime.installer.helper.comm.actions.FetchObjectAction.execute(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionDirect(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionInt(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionChecked(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.fetchObjectChecked(Unknown Source)
at com.install4j.runtime.installer.UninstallerContextImpl.performActionIntStatic(Unknown Source)
at com.install4j.runtime.installer.UninstallerContextImpl.performActionInt(Unknown Source)
at com.install4j.runtime.installer.ContextImpl.performAction(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.executeActions(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.handleCommand(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.start(Unknown Source)
at com.install4j.runtime.installer.Uninstaller.runInProcess(Unknown Source)
at com.install4j.runtime.installer.Uninstaller.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.exe4j.runtime.LauncherEngine.launch(Unknown Source)
at com.exe4j.runtime.WinLauncher.main(Unknown Source)
at com.install4j.runtime.launcher.WinLauncher.main(Unknown Source)

System properties:

java.runtime.name=Java(TM) SE Runtime Environment
exe4j.moduleName=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
exe4j.processCommFile=C:\Users\***\AppData\Local\Temp\e4j_p4224.tmp
exe4j.semaphoreName=Local\c:_users_***_appdata_local_jdownloader_v2.0_uninstall_jdownloader.exe
sun.boot.library.path=c:\users\***\appdata\local\jdownloader v2.0\jre\bin
java.vm.version=23.25-b01
java.vm.vendor=Oracle Corporation
java.vendor.url=hxxp://java.oracle.com/
exe4j.consoleCodepage=cp0
path.separator=;
java.vm.name=Java HotSpot(TM) 64-Bit Server VM
file.encoding.pkg=sun.io
user.country=DE
user.script=
sun.os.patch.level=
install4j.exeDir=C:\Users\***\AppData\Local\JDownloader v2.0\
java.vm.specification.name=Java Virtual Machine Specification
user.dir=C:\Users\***\AppData\Local
java.runtime.version=1.7.0_25-b16
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\endorsed
os.arch=amd64
java.io.tmpdir=C:\Users\***\AppData\Local\Temp\
line.separator=

java.vm.specification.vendor=Oracle Corporation
user.variant=
exe4j.tempDir=
os.name=Windows 8
sun.jnu.encoding=Cp1252
java.library.path=C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;c:\users\***\appdata\local\jdownloader v2.0\jre\bin
sun.awt.enableExtraMouseButtons=true
java.specification.name=Java Platform API Specification
java.class.version=51.0
sun.management.compiler=HotSpot 64-Bit Tiered Compilers
exe4j.isInstall4j=true
os.version=6.2
user.home=C:\Users\***
user.timezone=Europe/Berlin
java.awt.printerjob=sun.awt.windows.WPrinterJob
file.encoding=Cp1252
java.specification.version=1.7
java.class.path=C:\Users\***\AppData\Local\JDownloader v2.0\.install4j\i4jruntime.jar;C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j\user.jar;C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j\user\proxyVole.jar;;C:\Users\***\AppData\Local\JDownloader v2.0\jre\lib\deploy.jar;C:\Users\***\AppData\Local\JDownloader v2.0\jre\lib\plugin.jar;C:\Users\***\AppData\Local\JDownloader v2.0\JDownloader.jar
user.name=***
java.vm.specification.version=1.7
sun.java.command=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
java.home=c:\users\***\appdata\local\jdownloader v2.0\jre
sun.arch.data.model=64
exe4j.launchName=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
user.language=de
java.specification.vendor=Oracle Corporation
awt.toolkit=sun.awt.windows.WToolkit
java.vm.info=mixed mode
exe4j.unextractedPosition=0
java.version=1.7.0_25
java.ext.dirs=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
sun.boot.class.path=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\resources.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\rt.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\sunrsasign.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jsse.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jce.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\charsets.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jfr.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\classes
install4j.appDir=C:\Users\***\AppData\Local\JDownloader v2.0\
java.vendor=Oracle Corporation
file.separator=\
java.vendor.url.bug=hxxp://bugreport.sun.com/bugreport/
sun.io.unicode.encoding=UnicodeLittle
sun.cpu.endian=little
install4j.systemLanguage=de
sun.desktop=windows
sun.cpu.isalist=amd64
How do I get rid of all of this now?


P.S.: System info coming right up!

The system info...

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:54 on 19/07/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL Logfile:
Code:
OTL logfile created on: 19.07.2013 12:10:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,91 Gb Available Physical Memory | 86,43% Memory free
12,50 Gb Paging File | 11,29 Gb Available in Paging File | 90,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 66,83 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: BÜRODESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.19 12:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.07.03 23:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.06.20 14:48:37 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.20 14:48:21 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.20 14:48:21 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.06.01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.06.20 14:48:37 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.20 14:48:24 | 000,811,064 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013.06.20 14:48:21 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.06.20 14:48:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.06.20 14:48:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.06.01 13:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.01 13:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.06.01 13:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.06.01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.05.08 13:29:12 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{19A47CC2-9D45-DB02-B048-0CA434602A7D}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd72&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzytAyB0AtAzztAyCyC0F0AtN0D0Tzu0SyDyCyDtN1L2XzutBtFtBtFyEtFzzyDyDtN1L1Czu1L1C1H1B1QyBtB&cr=238750632&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 FB 93 76 5B 84 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
 
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Super Lyrics) - {B9020890-9E08-446B-87B0-0C5CD0436D86} - C:\Program Files (x86)\Super_Lyrics\116.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB43AF1-00A5-486D-B3CB-DC402B7785FD}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.18 17:03:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.19 12:09:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.19 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.07.19 11:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.07.19 11:08:04 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.07.19 11:08:04 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.07.19 11:08:04 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.07.19 11:08:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.07.19 11:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.07.19 11:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.07.19 11:05:07 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Microsoft
[2013.07.19 09:20:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
[2013.07.19 09:20:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\JDownloader v2.0
[2013.07.19 09:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.07.19 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera Software
[2013.07.19 08:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.07.19 08:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.07.19 08:34:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.07.18 21:54:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NVIDIA
[2013.07.18 19:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.18 19:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.07.18 17:24:46 | 000,287,840 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2013.07.18 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.07.18 17:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.18 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.07.18 17:16:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2013.07.18 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.18 17:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.07.18 16:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2013.07.18 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\***\.appwork
[2013.07.18 16:24:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera Software
[2013.07.18 15:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.07.18 15:57:00 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.07.18 15:51:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2013.07.18 15:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.07.18 15:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.18 15:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.07.16 21:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.07.15 20:48:35 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.07.15 20:40:55 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice
[2013.07.15 20:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013.07.15 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.07.15 20:05:31 | 000,061,216 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.07.15 20:05:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.07.15 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.07.15 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.15 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2013.07.15 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2013.07.15 19:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013.07.15 19:59:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packages
[2013.07.15 19:59:28 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2013.07.15 19:59:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.07.15 19:56:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.07.15 19:53:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013.07.15 19:50:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.07.15 19:36:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.07.15 18:53:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.19 12:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.19 12:09:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.19 12:07:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.19 12:07:38 | 2574,901,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 11:54:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.19 11:53:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.19 11:11:22 | 001,654,648 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.07.19 11:11:22 | 000,714,240 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.07.19 11:11:22 | 000,674,750 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.07.19 11:11:22 | 000,147,840 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.07.19 11:11:22 | 000,124,636 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.07.19 11:08:05 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.19 09:29:06 | 000,289,768 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.07.19 09:20:39 | 000,002,088 | ---- | M] () -- C:\Users\***\Desktop\JDownloader 2.lnk
[2013.07.19 09:19:59 | 000,000,385 | ---- | M] () -- C:\Users\***\Desktop\Online Games.url
[2013.07.19 09:19:58 | 000,329,620 | ---- | M] () -- C:\Users\***\AppData\Local\mysearchdial-speeddial.crx
[2013.07.18 21:55:51 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.18 21:53:43 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswSP.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswSnx.sys.sum
[2013.07.18 17:24:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2013.07.18 17:03:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.15 20:03:48 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013.07.15 20:03:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2013.07.15 19:50:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.06.21 14:06:36 | 000,061,216 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.06.21 14:06:36 | 000,053,024 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.06.21 14:06:36 | 000,021,578 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb
[2013.06.20 14:48:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.06.20 14:48:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.06.20 06:17:49 | 003,253,909 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.19 11:54:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.19 11:53:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.19 11:08:05 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.19 09:29:04 | 000,289,768 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.07.19 09:20:39 | 000,002,088 | ---- | C] () -- C:\Users\***\Desktop\JDownloader 2.lnk
[2013.07.19 09:19:59 | 000,000,385 | ---- | C] () -- C:\Users\***\Desktop\Online Games.url
[2013.07.18 21:54:22 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.18 21:53:43 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.07.18 21:08:14 | 000,386,642 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.07.18 21:03:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2013.07.18 21:03:54 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswSP.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswSnx.sys.sum
[2013.07.18 17:24:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\config.nt
[2013.07.18 17:03:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.18 16:28:12 | 000,329,620 | ---- | C] () -- C:\Users\***\AppData\Local\mysearchdial-speeddial.crx
[2013.07.16 21:58:38 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013.07.15 20:14:59 | 000,031,841 | ---- | C] () -- C:\WINDOWS\ProfessionalWMC.xml
[2013.07.15 20:05:45 | 003,253,909 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2013.07.15 20:03:48 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013.07.15 20:03:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2013.07.15 20:00:00 | 000,001,438 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.15 19:50:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.07.15 19:50:30 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.07.15 18:53:56 | 2574,901,247 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.19 10:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 19.07.2013 12:10:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,91 Gb Available Physical Memory | 86,43% Memory free
12,50 Gb Paging File | 11,29 Gb Available in Paging File | 90,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 66,83 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: BÜRODESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EF0026-22E7-4EEF-B582-01083FC35518}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F14A030-8DCA-4480-B3A2-0B4B229CEDB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0F24913A-3774-4C46-A217-BE12BBAE4FF7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{16132184-9950-46F6-92AA-4F737CDE1038}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2692E00D-6B32-4065-85BC-2A471D01F406}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26E4DF95-BD53-4BF8-9558-1366D545A1A3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4403B768-F67C-4A9F-9285-3C1153BEC492}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55CA3833-2AE9-49F0-A0DC-0E8ECEF0864B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A62FC91-14B6-468C-9773-03D6FC25D06F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{774E5BEA-3C79-4224-B27F-E4ABC144504F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{88F0BF6A-E3F3-48EB-89C1-BB1BA7580993}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9228CC64-A158-41AE-BA23-29D1E3014B3E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B26E055D-EFCA-41A7-83A7-F682D365518A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B44D4CC1-EA0F-49CC-8B8E-E797532832F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4E51244-1F00-4C12-AF8D-4A4BAC0D7A95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3BF2FFB-8EFF-4461-938B-E1A41133B3A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D0E57571-EFD2-4942-BCA8-D76237CBA838}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D85BCF07-2B90-4842-93CD-35925FA4475D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E3DE65CB-81EC-4F1A-831D-02DDC9827013}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F8D924C1-9E82-4F38-BACA-CECF6D783406}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FC04431E-32CD-4156-ACFD-0B8765251EA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012726B8-47B8-4C70-8A92-7339C17784EA}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{03FA29CA-B76D-463C-8235-83258352719F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{10E89673-794F-4703-8200-382890CED81B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{18E3006C-74CC-42B9-B809-3A479AFA3385}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1A5931F8-D489-4540-98A5-0206F747C2C5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1CB6AD4C-D31A-41B4-BE97-114191494D27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23F728E8-E7AB-4A41-AD93-0F8FF91A8596}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{24F18129-9073-45B9-A41D-CDF0C581C0C3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{269B6314-86B1-4762-8CAF-920711398277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2749F89A-E25A-4BC7-84DA-F1C0F450C80A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2B2C5A02-5A4D-4170-A1F9-CAECF574A77C}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{2E1217B4-884D-4BEF-BC82-E81C9A4B97F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{35608C4D-974B-4C97-9050-4376DA0C0FB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{38ABDD5D-D841-48B3-A851-DE080B1C1498}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DBF81EF-19D6-46CA-98A3-DF34F80716AE}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{413FE1E2-F623-4788-833A-0CF50BD95233}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4679DE7E-514C-42D7-9D01-A48BAACA5828}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{4E25ECCE-2FCB-47CE-93B9-5399B45A92AD}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{60CF9028-8853-4879-8D78-D951BD53EA4B}" = protocol=6 | dir=out | app=system | 
"{66B982BF-B31F-4C95-BD8D-C58CA010D056}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6BF3DC46-40DD-4496-B85C-E162DDA46D75}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{6EF1FCA1-3F5B-4311-8924-4C50FC038A04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7359A345-D2F8-4D71-BC2E-1689D04E96BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78F8F129-4B58-4082-A056-ACE4DCA1D963}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{794D44F7-0338-468D-892E-042D6F196BF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CF3586B-76C2-46C0-B913-520EFBD25749}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{7F579887-E2E8-47E9-9834-844C46186B25}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{820FEC0C-7A8C-4BC8-A0A1-E5BC23AFCCE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8526807F-A1B6-4934-88DB-57AD92B8EA13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86643846-20CC-4A22-9E8D-6C912A5AE6C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A28F4366-BA29-4CDE-A681-ACC633547DFA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{AA01AFE9-C0E5-4E8A-BD75-933FAB2F90FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4CE7B9F-2B50-46E8-93CF-A390D79E8BF5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{BF27F77D-724A-4C30-B63D-83BEF09A2E5E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{C7515C06-A8DB-4FAF-917B-6B90B8C23883}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9A997E3-3FA8-438B-8CE3-1695DCBF51FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D833DA58-84E2-4C1B-A3D2-914EF284660B}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9F2762E-10E5-4DEE-8B69-5BD319462D9D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FBC1DFF5-E5A8-45CD-A408-43B35CD85CFA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"TCP Query User{31D999BB-C371-4DD6-A6E7-53F9EE3EA07E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{F8EA6C80-9E74-4DAA-9BF1-E15A82BA616E}C:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe | 
"UDP Query User{B992EDBA-811C-4802-A708-98FF52EE3454}C:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe | 
"UDP Query User{D2F5E895-C146-4CA7-AD2A-3B79B3E8EF50}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"jdownloader2" = JDownloader 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2013 13:44:35 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.07.2013 13:44:55 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.07.2013 13:45:08 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.07.2013 14:29:36 | Computer Name = BüroDesktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
 0x50f9475d  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
 0x50f9475d  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00051955  ID des fehlerhaften Prozesses:
 0x1080  Startzeit der fehlerhaften Anwendung: 0x01ce83e4be724819  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update
 Core\daemonu.exe  Berichtskennung: ff482921-efd7-11e2-be6f-50e54937a383  Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 19.07.2013 04:27:54 | Computer Name = BüroDesktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628,
 Zeitstempel: 0x51a94434  Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16604,
 Zeitstempel: 0x5184a60b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000a43e6
ID
 des fehlerhaften Prozesses: 0xb1c  Startzeit der fehlerhaften Anwendung: 0x01ce8459bedb7001
Pfad
 der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\twinui.dll  Berichtskennung: 1b563b4f-f04d-11e2-be72-50e54937a383
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 18.07.2013 14:27:09 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 18.07.2013 14:29:41 | Computer Name = BüroDesktop | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 12:56:04
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002e OCZ-AGILITY3 rev.2.22 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\pwtoypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\dwm.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text   C:\WINDOWS\system32\dwm.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fff00a1782 4 bytes [0A, F0, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690            000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698            000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246          000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                      000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                      000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                    000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                            000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                            000007fff00a1782 4 bytes [0A, F0, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text   C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fff00a1782 4 bytes [0A, F0, FF, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [448:472]                                                                                      fffff9600095f5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                            -1236595191

---- EOF - GMER 2.1 ----
         
--- --- ---

 
