![]() |
|
Plagegeister aller Art und deren Bekämpfung: ADWARE/InstallCore.Gen' + Adware/Vittalia.AB + TR/Agent.887358 Infektion !Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() ADWARE/InstallCore.Gen' + Adware/Vittalia.AB + TR/Agent.887358 Infektion ! Hallo, Habe nach einem Antivir-Scan die oben bereits genannten Funde gemeldet bekommen. Es öffnen sich ständig Pop Up´s und auf jeder Seite werde ich mit Werbung überhäuft. Ich hoffe es kann mir hier einer weiter helfen. Avira Free Antivir Bericht : Exportierte Ereignisse: Code:
ATTFilter Exportierte Ereignisse: 12.09.2013 10:33 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Antje und Michel\Downloads\PDFConverterSetup.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56ebef39.qua' verschoben! 12.09.2013 10:33 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Antje und Michel\Downloads\installer_ccleaner_Deutsch.exe' enthielt einen Virus oder unerwünschtes Programm 'Adware/Vittalia.AB' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4eafc0c8.qua' verschoben! 12.09.2013 10:27 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Antje und Michel\Downloads\installer_ccleaner_Deutsch.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Vittalia.AB' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 12.09.2013 10:27 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Antje und Michel\Downloads\PDFConverterSetup.exe' wurde ein Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware] gefunden. Ausgeführte Aktion: Zugriff verweigern 10.09.2013 19:06 [System-Scanner] Malware gefunden Die Datei 'C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.887358' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d86da66.qua' verschoben! OTL-Logfile : OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.09.2013 17:19:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Antje und Michel\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16686) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 51,43% Memory free 7,50 Gb Paging File | 5,23 Gb Available in Paging File | 69,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,14 Gb Total Space | 163,97 Gb Free Space | 67,16% Space Free | Partition Type: NTFS Drive D: | 221,62 Gb Total Space | 54,02 Gb Free Space | 24,38% Space Free | Partition Type: NTFS Computer Name: DOHÄÄM | User Name: Antje und Michel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.09.12 17:17:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Antje und Michel\Downloads\OTL.exe PRC - [2013.09.11 21:00:20 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe PRC - [2013.09.10 19:02:19 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.09.10 19:01:08 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.09.10 19:00:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.09.10 19:00:49 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.09.10 19:00:45 | 000,328,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe PRC - [2013.09.09 08:48:42 | 000,246,616 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe PRC - [2013.08.18 11:52:49 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2013.08.18 11:52:49 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe PRC - [2013.08.18 11:52:49 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe PRC - [2013.08.14 19:55:19 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.07.26 22:30:39 | 000,168,400 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe PRC - [2013.07.26 22:30:31 | 001,558,480 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe PRC - [2013.07.25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.29 12:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.02.04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe PRC - [2012.10.30 19:34:33 | 000,107,520 | ---- | M] () -- C:\Users\Antje und Michel\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe PRC - [2011.10.04 13:32:18 | 001,531,396 | ---- | M] (NCH Software) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe PRC - [2010.07.29 09:47:08 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009.10.15 15:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2009.10.15 15:11:44 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2008.06.06 12:40:00 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2008.06.04 18:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2007.02.20 06:10:26 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2006.11.15 23:12:54 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logitech\lvmvfm\LVPrS64H.exe PRC - [2006.11.15 23:01:52 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logitech\LComMgr\LVComSX.exe PRC - [2006.11.15 22:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe PRC - [2006.11.15 22:57:20 | 000,171,544 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2006.10.31 02:03:48 | 000,284,184 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logitech\LComMgr\Communications_Helper.exe PRC - [2002.08.22 16:27:28 | 000,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files (x86)\CASIO\Photo Loader\Plauto.exe ========== Modules (No Company Name) ========== MOD - [2013.09.11 21:00:20 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll MOD - [2013.09.10 19:02:29 | 000,394,824 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll MOD - [2013.08.18 11:52:49 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2013.08.18 11:52:49 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll MOD - [2013.08.18 11:52:49 | 000,144,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll MOD - [2013.08.14 19:55:36 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.07.05 10:47:28 | 000,607,232 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2013.05.20 12:58:08 | 000,620,718 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll MOD - [2013.05.17 10:51:16 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.02.04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.01 15:11:55 | 002,052,096 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll MOD - [2010.11.01 15:11:55 | 001,339,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll MOD - [2010.11.01 15:11:55 | 000,835,584 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll MOD - [2010.11.01 15:11:55 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll MOD - [2010.11.01 15:11:55 | 000,770,048 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll MOD - [2010.11.01 15:11:55 | 000,679,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2010.11.01 15:11:55 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll MOD - [2010.11.01 15:11:55 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll MOD - [2010.11.01 15:11:55 | 000,232,448 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2010.11.01 15:11:55 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2010.11.01 15:11:54 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll MOD - [2010.11.01 15:11:54 | 001,035,264 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2010.11.01 15:11:54 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll MOD - [2010.11.01 15:11:54 | 000,667,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx MOD - [2010.11.01 15:11:54 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll MOD - [2010.11.01 15:11:54 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll MOD - [2010.11.01 15:11:54 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2010.11.01 15:11:54 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2010.11.01 15:11:54 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2010.11.01 15:11:54 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2010.11.01 15:11:54 | 000,223,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2010.11.01 15:11:54 | 000,171,008 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2010.11.01 15:11:54 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll MOD - [2010.11.01 15:11:54 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll MOD - [2010.11.01 15:11:54 | 000,120,832 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll MOD - [2010.11.01 15:11:54 | 000,115,200 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2010.11.01 15:11:54 | 000,095,744 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2010.11.01 15:11:54 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll MOD - [2010.11.01 15:11:54 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2010.11.01 15:11:54 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2010.11.01 15:11:54 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx MOD - [2010.11.01 15:11:54 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx MOD - [2010.11.01 15:11:54 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2010.11.01 15:11:54 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2010.11.01 15:11:54 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2010.11.01 15:11:54 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MEshim.dll MOD - [2010.11.01 15:11:54 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll MOD - [2010.11.01 15:11:54 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll MOD - [2010.11.01 15:11:54 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll MOD - [2009.08.21 15:45:30 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2007.02.22 03:29:00 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx MOD - [2007.02.22 03:28:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VPCD.dll MOD - [2007.02.22 03:22:36 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll MOD - [2006.11.15 23:00:44 | 001,078,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\LAppRes.dll MOD - [2006.11.15 22:58:40 | 000,746,520 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe MOD - [2006.10.31 02:04:12 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logitech\LComMgr\LCMServerPS.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.05.07 17:34:42 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.02.10 16:05:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.09.11 21:00:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.09.10 19:02:19 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.09.10 19:01:08 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.09.10 19:00:51 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.09.09 08:48:42 | 000,246,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service) SRV - [2013.08.18 11:52:49 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0) SRV - [2013.08.14 19:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.26 22:30:39 | 000,168,400 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.30 19:34:33 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Antje und Michel\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate) SRV - [2011.10.04 13:32:18 | 001,531,396 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService) SRV - [2010.10.31 15:22:24 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.05.07 17:40:04 | 001,403,208 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.05.07 17:34:32 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.15 15:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.06.06 12:40:00 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2008.06.04 18:59:34 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2007.01.11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) SRV - [2006.11.15 23:14:02 | 000,171,808 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2006.11.15 23:12:42 | 000,171,808 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcS64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.09.10 19:02:55 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.09.10 19:02:55 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.09.10 19:02:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.08.18 11:52:49 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2013.01.05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.27 04:25:14 | 000,172,032 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssm_mdm.sys -- (ssm_mdm) DRV:64bit: - [2010.04.27 04:25:14 | 000,136,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssm_bus.sys -- (ssm_bus) DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV:64bit: - [2010.02.10 16:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.02.10 16:24:06 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.10 15:11:14 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.11.23 10:41:48 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2008.06.04 18:59:44 | 000,020,520 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV:64bit: - [2007.10.12 03:00:22 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007.10.12 02:56:34 | 000,582,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV561V64.sys -- (PID_0928) DRV:64bit: - [2006.11.15 23:12:08 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV:64bit: - [2006.11.15 23:11:56 | 002,345,120 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv) DRV:64bit: - [2006.11.15 23:11:00 | 000,997,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64) DRV - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010.02.25 12:18:08 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.rtl.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F AC DD 72 0F 79 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ss_Btisdt3&mntrId=52FD6C626D87D384&affID=119357&tsp=4985 IE - HKCU\..\SearchScopes\{2B333777-F41A-4fad-B9EC-EA361FC77813}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=2860773539&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{4475C40D-0A6C-4676-A6A6-8FF5B5B40E18}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=MMBROW IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={71FEC2BD-B095-4792-B29D-D7348C7A32C1}&mid=b2b78631db1647d6b423bd2b2b633a77-c5043c1e3c1ccbd0bdbe64d7ba66f8a37c98d544&lang=de&ds=AVG&pr=fr&d=2011-12-12 17:10:32&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.rtl.de/cms/index.html" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7BC9B68337-E93A-44EA-94DC-CB300EC06444%7D:4.51.0 FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0 FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6.1 FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.91.146 FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.1.34 FF - prefs.js..extensions.enabledAddons: firefox%40browsefox.com:1.0.0 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: %7B4340308e-3e37-4dd7-9192-8cf05ce9c9f2%7D:1.130 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21 FF - prefs.js..extensions.enabledAddons: toolbar_AVIRA-V7%40apn.ask.com:20.53263 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.06 18:56:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.08.26 14:30:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.26 14:30:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.08.26 14:30:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.08.26 14:30:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}: C:\Program Files (x86)\LyriXeeker\130.xpi [2013.08.26 13:12:32 | 000,005,394 | ---- | M] () [2010.10.31 17:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Extensions [2013.09.10 19:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions [2013.01.05 19:40:07 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.08.27 16:49:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.04.08 11:57:30 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.04.20 12:45:46 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2013.07.16 15:34:51 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\crossriderapp2258@crossrider.com [2013.08.25 17:17:39 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\ffxtlbr@delta.com [2013.08.23 17:40:27 | 000,000,000 | ---D | M] (BrowseFox) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\firefox@browsefox.com [2013.07.16 15:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\Firefox\Profiles\w05hla8v.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode [2013.08.23 17:36:05 | 000,037,942 | ---- | M] () (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\extensions\addon@defaulttab.com.xpi [2013.06.19 16:33:29 | 000,613,211 | ---- | M] () (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\extensions\toolbar@web.de.xpi [2013.07.26 22:31:20 | 000,713,729 | ---- | M] () (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2012.12.11 13:13:02 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.07.14 20:45:10 | 000,000,915 | ---- | M] () -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\searchplugins\conduit.xml [2013.08.25 17:18:14 | 000,002,501 | ---- | M] () -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\searchplugins\google.xml [2013.09.12 17:14:35 | 000,001,977 | ---- | M] () -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\searchplugins\search-here.xml [2013.08.25 17:18:11 | 000,000,633 | ---- | M] () -- C:\Users\Antje und Michel\AppData\Roaming\mozilla\firefox\profiles\w05hla8v.default\searchplugins\yahoo.xml [2013.08.26 14:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.08.26 14:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.08.26 15:31:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.08.26 15:31:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.08.26 13:12:32 | 000,005,394 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\LYRIXEEKER\130.XPI [2013.02.19 06:56:46 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.04.20 12:40:52 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (no name) - {11111111-1111-1111-1111-110011221158} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O2 - BHO: (no name) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Antje und Michel\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [LVCOMSX] C:\Program Files (x86)\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Users\ANTJEU~1\AppData\Local\Temp\E_S9B3.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKLM..\RunOnceEx: [] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Antje und Michel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Antje und Michel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E35E6C7-09ED-40FA-96F2-BD084FA82A95}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{573b196e-8265-11e1-aeb4-6c626d87d384}\Shell - "" = AutoRun O33 - MountPoints2\{573b196e-8265-11e1-aeb4-6c626d87d384}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{b74618de-07eb-11e3-b18e-6c626d87d384}\Shell - "" = AutoRun O33 - MountPoints2\{b74618de-07eb-11e3-b18e-6c626d87d384}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.09.12 09:55:15 | 000,000,000 | R--D | C] -- C:\Users\Antje und Michel\Saved Games [2013.09.11 20:35:33 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\Documents\Sony [2013.09.10 19:05:10 | 000,081,112 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.09.10 19:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork [2013.09.10 19:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork [2013.09.10 19:04:13 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\AppData\Roaming\Avira [2013.09.10 19:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.09.10 19:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.09.10 19:03:14 | 000,132,088 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.09.10 19:03:14 | 000,105,344 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.09.10 19:03:14 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.09.10 19:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.09.10 19:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.08.26 14:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.08.26 13:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyriXeeker [2013.08.25 17:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.08.25 17:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.08.25 17:30:43 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.08.25 17:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.08.25 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\AppData\Local\Programs [2013.08.25 17:17:35 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\AppData\Roaming\Delta [2013.08.25 11:39:20 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\AppData\Roaming\MetaCrawler [2013.08.24 07:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.08.23 17:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.08.23 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.08.23 17:40:30 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\AppData\Local\avgchrome [2013.08.23 17:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.08.23 17:40:25 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\AppData\Roaming\BabSolution [2013.08.23 17:40:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseFox [2013.08.18 13:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2013.08.18 13:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson [2013.08.18 13:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2013.08.18 13:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2013.08.18 13:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2013.08.18 12:44:32 | 000,000,000 | ---D | C] -- C:\Users\Antje und Michel\Desktop\Xperia U 25 i [2013.08.14 11:10:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2012.01.29 16:04:32 | 054,711,704 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Antje und Michel\AdbeRdr1012_de_DE.exe [2011.02.23 19:59:22 | 010,110,880 | ---- | C] (Geek Software GmbH ) -- C:\Users\Antje und Michel\pdf24-creator.exe [2011.02.23 19:54:59 | 017,468,504 | ---- | C] (pdfforge GbR) -- C:\Users\Antje und Michel\PDFCreator-1_2_0_setup.exe ========== Files - Modified Within 30 Days ========== [2013.09.12 17:13:59 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.09.12 17:13:59 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.09.12 17:06:18 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.09.12 17:06:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.09.12 17:05:57 | 3019,251,712 | -HS- | M] () -- C:\hiberfil.sys [2013.09.12 10:45:00 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Dealply.job [2013.09.12 10:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.09.12 09:54:08 | 000,416,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.09.11 20:34:27 | 001,507,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.09.11 20:34:27 | 000,657,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.09.11 20:34:27 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.09.11 20:34:27 | 000,131,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.09.11 20:34:27 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.09.11 20:00:25 | 000,000,306 | RHS- | M] () -- C:\Users\Antje und Michel\ntuser.pol [2013.09.10 19:05:10 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.09.10 19:03:25 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.09.10 19:02:55 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.09.10 19:02:55 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.09.10 19:02:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.09.10 18:56:39 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.09.09 22:53:17 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk [2013.09.09 22:27:12 | 000,001,190 | ---- | M] () -- C:\Users\Antje und Michel\Desktop\BaseCamp.lnk [2013.08.26 15:31:30 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.08.25 17:30:46 | 000,001,389 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.08.23 16:31:13 | 000,000,174 | ---- | M] () -- C:\Users\Antje und Michel\Documents\cc_20130823_163058.reg [2013.08.18 11:53:10 | 000,003,715 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml [2013.08.18 11:52:49 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys ========== Files Created - No Company Name ========== [2013.09.10 19:03:25 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.09.09 22:27:12 | 000,001,190 | ---- | C] () -- C:\Users\Antje und Michel\Desktop\BaseCamp.lnk [2013.08.25 17:30:46 | 000,001,401 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.08.25 17:30:46 | 000,001,389 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.08.24 07:28:17 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.08.24 07:28:17 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.08.23 16:31:03 | 000,000,174 | ---- | C] () -- C:\Users\Antje und Michel\Documents\cc_20130823_163058.reg [2013.08.18 13:01:42 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.08.14 09:27:30 | 000,000,306 | RHS- | C] () -- C:\Users\Antje und Michel\ntuser.pol [2013.05.21 17:22:19 | 000,003,715 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml [2011.07.13 12:57:25 | 000,008,192 | ---- | C] () -- C:\Users\Antje und Michel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.26 23:30:10 | 000,000,017 | ---- | C] () -- C:\Users\Antje und Michel\AppData\Local\resmon.resmoncfg [2011.05.03 09:44:35 | 000,000,000 | ---- | C] () -- C:\Users\Antje und Michel\AppData\Local\prvlcl.dat [2011.02.24 23:07:32 | 000,002,528 | ---- | C] () -- C:\Users\Antje und Michel\AppData\Roaming\$_hpcst$.hpc [2010.12.30 23:49:07 | 011,595,264 | ---- | C] () -- C:\Users\Antje und Michel\epson324557eu.exe [2010.12.05 20:48:37 | 000,000,387 | ---- | C] () -- C:\Users\Antje und Michel\AppData\Roaming\burnaware.ini [2010.10.31 18:17:13 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.08.25 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\BabSolution [2012.04.20 12:40:46 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Babylon [2010.11.06 15:31:57 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Canneverbe Limited [2010.11.02 10:11:15 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.02.05 22:44:13 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\DealPly [2012.10.30 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\DefaultTab [2013.08.25 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Delta [2010.10.31 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\DisplayTune [2012.05.18 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\DVDVideoSoft [2012.05.18 21:50:14 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.08 13:57:15 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\EPSON [2013.03.24 17:27:33 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Garmin [2013.02.25 20:17:25 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\GlarySoft [2011.08.26 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Imaxel [2010.10.31 14:56:38 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\MAGIX [2013.08.25 11:39:20 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\MetaCrawler [2011.04.25 22:53:23 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\ML [2010.11.06 15:31:37 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\OpenCandy [2011.02.24 23:07:31 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Samsung [2012.10.16 15:24:07 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\TuneUp Software [2010.11.06 15:32:13 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Uniblue [2010.10.31 15:12:23 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\Win7codecs [2012.06.01 09:19:07 | 000,000,000 | ---D | M] -- C:\Users\Antje und Michel\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Ich bedanke mich schon mal im vorraus! ![]() |
Themen zu ADWARE/InstallCore.Gen' + Adware/Vittalia.AB + TR/Agent.887358 Infektion ! |
adobe, adware/vittalia.ab, avira searchfree toolbar, browser, desktop, explorer, flash player, iminent toolbar, lyrixeeker, malware, plug-in, programm, pup.optional.dealply.a, pup.optional.defaulttab, pup.optional.defaulttab.a, pup.optional.regcleanerpro, registry, safer networking, secure search, software, temp, vtoolbarupdater, werbung, windows, xperia |