
Pests of all kinds and how to fight them: Removing JDownloader 2, the mysearchdial hijack and the Online Games shortcut?


19.07.2013, 12:11   #1
MrMr
 



Hi,
I had to install JDownloader 2 and at the same time picked up the mysearchdial hijack and an Online Games shortcut (Online Games mysearchdials). When I tried to uninstall JDownloader 2, I got this error message:
Quote:
Exception:

java.io.FileNotFoundException: C:\Users\***\AppData\Local\JDownloader v2.0\cfg\versioninfo\JDU\filelist.txt (Das System kann den angegebenen Pfad nicht finden)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at org.appwork.updatesys.client.FileList.walk(FileList.java:349)
at org.appwork.install4j.updatesys.Webinstaller.uninstallByID(Webinstaller.java:746)
at org.appwork.install4j.updatesys.Webinstaller.uninstall(Webinstaller.java:655)
at com.install4j.runtime.installer.UninstallerContextImpl$2.fetchValue(Unknown Source)
at com.install4j.runtime.installer.helper.comm.actions.FetchObjectAction.execute(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionDirect(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionInt(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.executeActionChecked(Unknown Source)
at com.install4j.runtime.installer.helper.comm.HelperCommunication.fetchObjectChecked(Unknown Source)
at com.install4j.runtime.installer.UninstallerContextImpl.performActionIntStatic(Unknown Source)
at com.install4j.runtime.installer.UninstallerContextImpl.performActionInt(Unknown Source)
at com.install4j.runtime.installer.ContextImpl.performAction(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.executeActions(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.handleCommand(Unknown Source)
at com.install4j.runtime.installer.controller.Controller.start(Unknown Source)
at com.install4j.runtime.installer.Uninstaller.runInProcess(Unknown Source)
at com.install4j.runtime.installer.Uninstaller.main(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.exe4j.runtime.LauncherEngine.launch(Unknown Source)
at com.exe4j.runtime.WinLauncher.main(Unknown Source)
at com.install4j.runtime.launcher.WinLauncher.main(Unknown Source)

System properties:

java.runtime.name=Java(TM) SE Runtime Environment
exe4j.moduleName=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
exe4j.processCommFile=C:\Users\***\AppData\Local\Temp\e4j_p4224.tmp
exe4j.semaphoreName=Local\c:_users_***_appdata_local_jdownloader_v2.0_uninstall_jdownloader.exe
sun.boot.library.path=c:\users\***\appdata\local\jdownloader v2.0\jre\bin
java.vm.version=23.25-b01
java.vm.vendor=Oracle Corporation
java.vendor.url=hxxp://java.oracle.com/
exe4j.consoleCodepage=cp0
path.separator=;
java.vm.name=Java HotSpot(TM) 64-Bit Server VM
file.encoding.pkg=sun.io
user.country=DE
user.script=
sun.os.patch.level=
install4j.exeDir=C:\Users\***\AppData\Local\JDownloader v2.0\
java.vm.specification.name=Java Virtual Machine Specification
user.dir=C:\Users\***\AppData\Local
java.runtime.version=1.7.0_25-b16
java.awt.graphicsenv=sun.awt.Win32GraphicsEnvironment
java.endorsed.dirs=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\endorsed
os.arch=amd64
java.io.tmpdir=C:\Users\***\AppData\Local\Temp\
line.separator=

java.vm.specification.vendor=Oracle Corporation
user.variant=
exe4j.tempDir=
os.name=Windows 8
sun.jnu.encoding=Cp1252
java.library.path=C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;c:\users\***\appdata\local\jdownloader v2.0\jre\bin
sun.awt.enableExtraMouseButtons=true
java.specification.name=Java Platform API Specification
java.class.version=51.0
sun.management.compiler=HotSpot 64-Bit Tiered Compilers
exe4j.isInstall4j=true
os.version=6.2
user.home=C:\Users\***
user.timezone=Europe/Berlin
java.awt.printerjob=sun.awt.windows.WPrinterJob
file.encoding=Cp1252
java.specification.version=1.7
java.class.path=C:\Users\***\AppData\Local\JDownloader v2.0\.install4j\i4jruntime.jar;C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j\user.jar;C:\Users\***\AppData\Local\JDownloader v2.0\.\.install4j\user\proxyVole.jar;;C:\Users\***\AppData\Local\JDownloader v2.0\jre\lib\deploy.jar;C:\Users\***\AppData\Local\JDownloader v2.0\jre\lib\plugin.jar;C:\Users\***\AppData\Local\JDownloader v2.0\JDownloader.jar
user.name=***
java.vm.specification.version=1.7
sun.java.command=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
java.home=c:\users\***\appdata\local\jdownloader v2.0\jre
sun.arch.data.model=64
exe4j.launchName=C:\Users\***\AppData\Local\JDownloader v2.0\Uninstall JDownloader.exe
user.language=de
java.specification.vendor=Oracle Corporation
awt.toolkit=sun.awt.windows.WToolkit
java.vm.info=mixed mode
exe4j.unextractedPosition=0
java.version=1.7.0_25
java.ext.dirs=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\ext;C:\WINDOWS\Sun\Java\lib\ext
sun.boot.class.path=c:\users\***\appdata\local\jdownloader v2.0\jre\lib\resources.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\rt.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\sunrsasign.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jsse.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jce.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\charsets.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\lib\jfr.jar;c:\users\***\appdata\local\jdownloader v2.0\jre\classes
install4j.appDir=C:\Users\***\AppData\Local\JDownloader v2.0\
java.vendor=Oracle Corporation
file.separator=\
java.vendor.url.bug=hxxp://bugreport.sun.com/bugreport/
sun.io.unicode.encoding=UnicodeLittle
sun.cpu.endian=little
install4j.systemLanguage=de
sun.desktop=windows
sun.cpu.isalist=amd64
How do I get rid of all of this now?


PS: system info is coming shortly!

The system info...

Quote:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:54 on 19/07/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL Logfile:
Code:
OTL logfile created on: 19.07.2013 12:10:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,91 Gb Available Physical Memory | 86,43% Memory free
12,50 Gb Paging File | 11,29 Gb Available in Paging File | 90,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 66,83 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: BÜRODESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.19 12:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.07.03 23:39:22 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.06.20 14:48:37 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.20 14:48:21 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.20 14:48:21 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.06.01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013.05.04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.05.04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.07.03 23:32:38 | 001,887,520 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.06.21 05:15:56 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.06.20 14:48:37 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.20 14:48:24 | 000,811,064 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe -- (AntiVirWebService)
SRV - [2013.06.20 14:48:21 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.26 05:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.06.20 14:48:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.06.20 14:48:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.06.01 13:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.06.01 13:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.06.01 13:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013.06.01 05:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.05.08 13:29:12 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\avnetflt.sys -- (avnetflt)
DRV:64bit: - [2013.05.04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.05.04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.26 16:56:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{19A47CC2-9D45-DB02-B048-0CA434602A7D}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd72&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzytAyB0AtAzztAyCyC0F0AtN0D0Tzu0SyDyCyDtN1L2XzutBtFtBtFyEtFzzyDyDtN1L1Czu1L1C1H1B1QyBtB&cr=238750632&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 FB 93 76 5B 84 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
 
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Super Lyrics) - {B9020890-9E08-446B-87B0-0C5CD0436D86} - C:\Program Files (x86)\Super_Lyrics\116.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB43AF1-00A5-486D-B3CB-DC402B7785FD}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.07.18 17:03:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.19 12:09:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.19 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2013.07.19 11:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.07.19 11:08:04 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.07.19 11:08:04 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.07.19 11:08:04 | 000,083,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avnetflt.sys
[2013.07.19 11:08:04 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avkmgr.sys
[2013.07.19 11:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.07.19 11:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.07.19 11:05:07 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Microsoft
[2013.07.19 09:20:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
[2013.07.19 09:20:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\JDownloader v2.0
[2013.07.19 09:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.07.19 08:35:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera Software
[2013.07.19 08:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.07.19 08:35:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.07.19 08:34:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.07.18 21:54:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\NVIDIA
[2013.07.18 19:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.07.18 19:34:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.07.18 17:24:46 | 000,287,840 | ---- | C] (AVAST Software) -- C:\WINDOWS\SysNative\aswBoot.exe
[2013.07.18 17:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.07.18 17:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.18 17:20:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.07.18 17:16:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2013.07.18 17:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.07.18 17:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.07.18 16:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2013.07.18 16:30:29 | 000,000,000 | ---D | C] -- C:\Users\***\.appwork
[2013.07.18 16:24:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera Software
[2013.07.18 15:59:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.07.18 15:57:00 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.07.18 15:51:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2013.07.18 15:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.07.18 15:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.07.18 15:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.07.16 21:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.07.15 20:48:35 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.07.15 20:40:55 | 000,000,000 | R--D | C] -- C:\WINDOWS\BrowserChoice
[2013.07.15 20:40:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2013.07.15 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.07.15 20:05:31 | 000,061,216 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.07.15 20:05:31 | 000,053,024 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.07.15 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.07.15 20:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2013.07.15 20:00:01 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.07.15 20:00:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2013.07.15 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2013.07.15 19:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013.07.15 19:59:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packages
[2013.07.15 19:59:28 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.07.15 19:59:28 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2013.07.15 19:59:28 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2013.07.15 19:59:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2013.07.15 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.07.15 19:56:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.07.15 19:53:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.07.15 19:53:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013.07.15 19:50:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.07.15 19:36:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.07.15 19:02:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.07.15 18:53:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.19 12:09:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.07.19 12:09:41 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.07.19 12:07:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.07.19 12:07:38 | 2574,901,247 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.19 11:54:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.07.19 11:53:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.19 11:11:22 | 001,654,648 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.07.19 11:11:22 | 000,714,240 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.07.19 11:11:22 | 000,674,750 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.07.19 11:11:22 | 000,147,840 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.07.19 11:11:22 | 000,124,636 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.07.19 11:08:05 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.19 09:29:06 | 000,289,768 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.07.19 09:20:39 | 000,002,088 | ---- | M] () -- C:\Users\***\Desktop\JDownloader 2.lnk
[2013.07.19 09:19:59 | 000,000,385 | ---- | M] () -- C:\Users\***\Desktop\Online Games.url
[2013.07.19 09:19:58 | 000,329,620 | ---- | M] () -- C:\Users\***\AppData\Local\mysearchdial-speeddial.crx
[2013.07.18 21:55:51 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.18 21:53:43 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswSP.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\aswSnx.sys.sum
[2013.07.18 17:24:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysWow64\config.nt
[2013.07.18 17:03:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.07.15 20:03:48 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013.07.15 20:03:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2013.07.15 19:50:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.06.21 14:06:36 | 000,061,216 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2013.06.21 14:06:36 | 000,053,024 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2013.06.21 14:06:36 | 000,021,578 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb
[2013.06.20 14:48:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avipbb.sys
[2013.06.20 14:48:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys
[2013.06.20 06:17:49 | 003,253,909 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.19 11:54:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.07.19 11:53:58 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.07.19 11:08:05 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.07.19 09:29:04 | 000,289,768 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.07.19 09:20:39 | 000,002,088 | ---- | C] () -- C:\Users\***\Desktop\JDownloader 2.lnk
[2013.07.19 09:19:59 | 000,000,385 | ---- | C] () -- C:\Users\***\Desktop\Online Games.url
[2013.07.18 21:54:22 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.07.18 21:53:43 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013.07.18 21:08:14 | 000,386,642 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.07.18 21:03:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll
[2013.07.18 21:03:54 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswVmm.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswSP.sys.sum
[2013.07.18 17:24:58 | 000,000,175 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\aswSnx.sys.sum
[2013.07.18 17:24:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\config.nt
[2013.07.18 17:03:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.07.18 16:28:12 | 000,329,620 | ---- | C] () -- C:\Users\***\AppData\Local\mysearchdial-speeddial.crx
[2013.07.16 21:58:38 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013.07.15 20:14:59 | 000,031,841 | ---- | C] () -- C:\WINDOWS\ProfessionalWMC.xml
[2013.07.15 20:05:45 | 003,253,909 | ---- | C] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2013.07.15 20:03:48 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013.07.15 20:03:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2013.07.15 20:00:00 | 000,001,438 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.15 19:50:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.07.15 19:50:30 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.07.15 18:53:56 | 2574,901,247 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.19 10:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL Extras logfile created on: 19.07.2013 12:10:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,91 Gb Available Physical Memory | 86,43% Memory free
12,50 Gb Paging File | 11,29 Gb Available in Paging File | 90,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 66,83 Gb Free Space | 59,84% Space Free | Partition Type: NTFS
 
Computer Name: BÜRODESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EF0026-22E7-4EEF-B582-01083FC35518}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0F14A030-8DCA-4480-B3A2-0B4B229CEDB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0F24913A-3774-4C46-A217-BE12BBAE4FF7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{16132184-9950-46F6-92AA-4F737CDE1038}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2692E00D-6B32-4065-85BC-2A471D01F406}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{26E4DF95-BD53-4BF8-9558-1366D545A1A3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4403B768-F67C-4A9F-9285-3C1153BEC492}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{55CA3833-2AE9-49F0-A0DC-0E8ECEF0864B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A62FC91-14B6-468C-9773-03D6FC25D06F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{774E5BEA-3C79-4224-B27F-E4ABC144504F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{88F0BF6A-E3F3-48EB-89C1-BB1BA7580993}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9228CC64-A158-41AE-BA23-29D1E3014B3E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B26E055D-EFCA-41A7-83A7-F682D365518A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B44D4CC1-EA0F-49CC-8B8E-E797532832F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B4E51244-1F00-4C12-AF8D-4A4BAC0D7A95}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3BF2FFB-8EFF-4461-938B-E1A41133B3A4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D0E57571-EFD2-4942-BCA8-D76237CBA838}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D85BCF07-2B90-4842-93CD-35925FA4475D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E3DE65CB-81EC-4F1A-831D-02DDC9827013}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F8D924C1-9E82-4F38-BACA-CECF6D783406}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FC04431E-32CD-4156-ACFD-0B8765251EA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012726B8-47B8-4C70-8A92-7339C17784EA}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{03FA29CA-B76D-463C-8235-83258352719F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{10E89673-794F-4703-8200-382890CED81B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{18E3006C-74CC-42B9-B809-3A479AFA3385}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1A5931F8-D489-4540-98A5-0206F747C2C5}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1CB6AD4C-D31A-41B4-BE97-114191494D27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23F728E8-E7AB-4A41-AD93-0F8FF91A8596}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{24F18129-9073-45B9-A41D-CDF0C581C0C3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{269B6314-86B1-4762-8CAF-920711398277}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2749F89A-E25A-4BC7-84DA-F1C0F450C80A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2B2C5A02-5A4D-4170-A1F9-CAECF574A77C}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{2E1217B4-884D-4BEF-BC82-E81C9A4B97F8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{35608C4D-974B-4C97-9050-4376DA0C0FB4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{38ABDD5D-D841-48B3-A851-DE080B1C1498}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DBF81EF-19D6-46CA-98A3-DF34F80716AE}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{413FE1E2-F623-4788-833A-0CF50BD95233}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{4679DE7E-514C-42D7-9D01-A48BAACA5828}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{4E25ECCE-2FCB-47CE-93B9-5399B45A92AD}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{60CF9028-8853-4879-8D78-D951BD53EA4B}" = protocol=6 | dir=out | app=system | 
"{66B982BF-B31F-4C95-BD8D-C58CA010D056}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6BF3DC46-40DD-4496-B85C-E162DDA46D75}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{6EF1FCA1-3F5B-4311-8924-4C50FC038A04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7359A345-D2F8-4D71-BC2E-1689D04E96BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{78F8F129-4B58-4082-A056-ACE4DCA1D963}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{794D44F7-0338-468D-892E-042D6F196BF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CF3586B-76C2-46C0-B913-520EFBD25749}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{7F579887-E2E8-47E9-9834-844C46186B25}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{820FEC0C-7A8C-4BC8-A0A1-E5BC23AFCCE1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8526807F-A1B6-4934-88DB-57AD92B8EA13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{86643846-20CC-4A22-9E8D-6C912A5AE6C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A28F4366-BA29-4CDE-A681-ACC633547DFA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{AA01AFE9-C0E5-4E8A-BD75-933FAB2F90FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4CE7B9F-2B50-46E8-93CF-A390D79E8BF5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{BF27F77D-724A-4C30-B63D-83BEF09A2E5E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{C7515C06-A8DB-4FAF-917B-6B90B8C23883}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9A997E3-3FA8-438B-8CE3-1695DCBF51FF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D833DA58-84E2-4C1B-A3D2-914EF284660B}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9F2762E-10E5-4DEE-8B69-5BD319462D9D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FBC1DFF5-E5A8-45CD-A408-43B35CD85CFA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"TCP Query User{31D999BB-C371-4DD6-A6E7-53F9EE3EA07E}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"TCP Query User{F8EA6C80-9E74-4DAA-9BF1-E15A82BA616E}C:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe | 
"UDP Query User{B992EDBA-811C-4802-A708-98FF52EE3454}C:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\jdownloader v2.0\jdownloader2.exe | 
"UDP Query User{D2F5E895-C146-4CA7-AD2A-3B79B3E8EF50}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.49
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 6.4.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"jdownloader2" = JDownloader 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3282FBE1-35FC-48D8-98CA-115A5EF1F9B4}" = NVIDIA PhysX
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Avira AntiVir Desktop" = Avira Free Antivirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2013 13:44:35 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.07.2013 13:44:55 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.07.2013 13:45:08 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „microsoft.windowsphotos_8wekyb3d8bbwe!Microsoft.WindowsLive.ModernPhotos“
 ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
 im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error - 18.07.2013 14:29:36 | Computer Name = BüroDesktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
 0x50f9475d  Name des fehlerhaften Moduls: daemonu.exe, Version: 1.11.3.0, Zeitstempel:
 0x50f9475d  Ausnahmecode: 0xc0000417  Fehleroffset: 0x00051955  ID des fehlerhaften Prozesses:
 0x1080  Startzeit der fehlerhaften Anwendung: 0x01ce83e4be724819  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update
 Core\daemonu.exe  Berichtskennung: ff482921-efd7-11e2-be6f-50e54937a383  Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 19.07.2013 04:27:54 | Computer Name = BüroDesktop | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628,
 Zeitstempel: 0x51a94434  Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16604,
 Zeitstempel: 0x5184a60b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000000a43e6
ID
 des fehlerhaften Prozesses: 0xb1c  Startzeit der fehlerhaften Anwendung: 0x01ce8459bedb7001
Pfad
 der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\twinui.dll  Berichtskennung: 1b563b4f-f04d-11e2-be72-50e54937a383
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 18.07.2013 14:27:09 | Computer Name = BüroDesktop | Source = Microsoft-Windows-Kernel-General | ID = 6
Description = 
 
Error - 18.07.2013 14:29:41 | Computer Name = BüroDesktop | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-19 12:56:04
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002e OCZ-AGILITY3 rev.2.22 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\pwtoypog.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\dwm.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text   C:\WINDOWS\system32\dwm.exe[880] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fff00a1782 4 bytes [0A, F0, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690            000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698            000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1184] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246          000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                      000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                      000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                    000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                            000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1204] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                            000007fff00a1782 4 bytes [0A, F0, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690              000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698              000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246            000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007ffe9d61532 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007ffe9d6153a 4 bytes [D6, E9, FF, 07]
.text   C:\Program Files\Internet Explorer\iexplore.exe[812] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007ffe9d6165a 4 bytes [D6, E9, FF, 07]
.text   C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fff00a177a 4 bytes [0A, F0, FF, 07]
.text   C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe[3784] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fff00a1782 4 bytes [0A, F0, FF, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [448:472]                                                                                      fffff9600095f5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                            -1236595191

---- EOF - GMER 2.1 ----
         
--- --- ---

19.07.2013, 12:12   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will afterwards be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


19.07.2013, 12:44   #3
MrMr
 
Under option #, the text files are too large.

See attachment...

19.07.2013, 14:02   #4
schrauber
/// the machine
/// TB instructor
 

Then next time please split the logs and post them in code tags

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.



Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file will open. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

19.07.2013, 14:47   #5
MrMr
 
Quote:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
Click the # symbol in the editor. Two bracket expressions appear.
Place the cursor between the CODE tags and press CTRL+V.
Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.
The following errors occurred during processing:
The text you entered is 132244 characters long and is therefore too long. Please shorten the text to the maximum length of 120000 characters.

Please attach logs to the post as an archive!

What do you mean by split?
Each log file as a separate post?

Code:
# AdwCleaner v2.305 - Datei am 19/07/2013 um 15:06:46 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center  (64 bits)
# Benutzer : *** - BÜRODESKTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [567 octets] - [19/07/2013 15:06:46]

########## EOF - C:\AdwCleaner[S1].txt - [626 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 8 Pro with Media Center x64
Ran by *** on 19.07.2013 at 15:14:52,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3748071057-78676879-3553033668-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9020890-9E08-446B-87B0-0C5CD0436D86}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2013 at 15:17:00,83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


Edited by MrMr (19.07.2013 at 15:05)
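The JRT log above lists the Internet Explorer Start Page values it repaired in every user hive and the Browser Helper Object key it deleted. The following read-only audit of those same locations is an added example, not from the thread or from JRT/AdwCleaner; it assumes PowerShell on the affected 64-bit Windows machine and that the expected start page is about:blank.

```powershell
# Added example, not from the thread, JRT or AdwCleaner: a read-only audit of the
# registry locations the JRT log reports as repaired (IE "Start Page" in every
# user hive) and deleted (a Browser Helper Object CLSID). Run in an elevated
# PowerShell; it changes nothing, it only reports what a hijack would leave behind.

# Assumption: the start page you expect after cleanup. Adjust to your own default.
$ExpectedStartPage = 'about:blank'

# HKEY_USERS holds .DEFAULT, the service SIDs (S-1-5-18/19/20) and every loaded
# user profile, so enumerating it covers HKCU as well (HKCU is a link into HKU).
$hives = Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)" }

Write-Host '== Internet Explorer Start Page per hive =='
foreach ($hive in $hives) {
    $key = "$hive\Software\Microsoft\Internet Explorer\Main"
    if (-not (Test-Path $key)) { continue }
    $sp = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'Start Page'
    if ($sp -and $sp -ne $ExpectedStartPage) {
        Write-Host "[CHECK] $key -> Start Page = $sp"   # unexpected URL: inspect it
    } else {
        Write-Host "[ok]    $key -> Start Page = $sp"
    }
}

Write-Host '== Browser Helper Objects (64-bit and 32-bit views) =='
$bhoKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($clsid in (Get-ChildItem $bhoKey).PSChildName) {
        # Resolve the CLSID to the DLL Internet Explorer would load for this BHO.
        $dll = $null; $name = $null
        foreach ($clsRoot in 'HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\Wow6432Node\CLSID') {
            $inproc = "$clsRoot\$clsid\InprocServer32"
            if (Test-Path $inproc) {
                $dll  = ((Get-ItemProperty $inproc).'(default)' -replace '"', '')
                $name = (Get-ItemProperty "$clsRoot\$clsid").'(default)'
                break
            }
        }
        $state = 'unresolved'
        if ($dll) {
            $state = if (Test-Path ([Environment]::ExpandEnvironmentVariables($dll))) { 'dll present' } else { 'dll missing' }
        }
        # A BHO whose DLL lives under a user profile or temp folder deserves a closer look.
        Write-Host "$clsid  name='$name'  dll='$dll'  ($state)"
    }
}
```

A CLSID that no longer resolves to a DLL (as after JRT's deletion) shows up as unresolved or dll missing; anything still present should be matched against known software before it is trusted.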

19.07.2013, 14:50   #6
MrMr
 
Unfortunately I have to attach the FRST log as an attachment... sorry!


PS: Off into the weekend, I'll be back at the computer on Sunday.
Have a nice weekend, everyone!

Edited by MrMr (19.07.2013 at 15:16)

19.07.2013, 15:33   #7
schrauber
/// the machine
/// TB instructor
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log. Please split the FRST log into 2 halves and post them separately.
Any more problems?
regards,
schrauber

