Firefox öffnet von allein Tabs
Also der Threadtitel sagts ja bereits. Hier der OTL Log.
Extra.txt und Gmer.txt sind bereits vorhanden, aber vorab die Frage: Ist das ok, wenn ich das so poste?OTL Logfile: Code:
OTL logfile created on: 30.11.2012 14:03:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gerolsteiner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,08% Memory free
5,98 Gb Paging File | 4,97 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,33 Gb Total Space | 194,78 Gb Free Space | 86,44% Space Free | Partition Type: NTFS
Drive D: | 225,33 Gb Total Space | 225,23 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: GEROLSTEINER-PC | User Name: gerolsteiner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.30 14:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gerolsteiner\Desktop\OTL.exe
PRC - [2012.09.07 00:44:58 | 000,587,472 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.09.07 00:44:54 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 00:44:42 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.06.13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.03.19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2012.01.17 22:20:26 | 000,653,640 | ---- | M] () -- C:\Programme\Expat Shield\bin\openvpntray.exe
PRC - [2012.01.17 22:15:44 | 000,331,608 | ---- | M] () -- C:\Programme\Expat Shield\bin\openvpnas.exe
PRC - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Programme\Expat Shield\bin\hsswd.exe
PRC - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Expat Shield\HssWPR\hsssrv.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.03.05 18:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
========== Modules (No Company Name) ==========
MOD - [2012.01.17 22:21:28 | 000,009,544 | ---- | M] () -- C:\Programme\Expat Shield\bin\lang\gui-ger.dll
MOD - [2012.01.17 22:20:26 | 000,653,640 | ---- | M] () -- C:\Programme\Expat Shield\bin\openvpntray.exe
MOD - [2012.01.17 21:04:23 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2012.10.28 11:02:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 14:08:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.07 00:44:58 | 000,587,472 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.08 09:28:30 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.17 22:22:02 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
SRV - [2012.01.17 22:15:44 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Programme\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Programme\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.05 18:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
========== Driver Services (SafeList) ==========
DRV - [2012.08.24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.07.10 03:48:18 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.04.19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.01.31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.01.05 00:01:56 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2012.01.05 00:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.12.28 12:59:18 | 000,084,512 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt58.sys -- (vidsflt58)
DRV - [2011.12.28 12:59:15 | 000,076,768 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2011.12.23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.11.17 15:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 15:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 15:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.10.21 02:41:56 | 002,223,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011.06.21 10:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.05.20 15:12:44 | 000,315,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 80 BA B4 D5 59 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.1
FF - prefs.js..network.proxy.socks_version: 0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 11:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.08.29 07:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 11:02:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 11:02:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.12.27 19:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gerolsteiner\AppData\Roaming\mozilla\Extensions
[2012.10.23 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gerolsteiner\AppData\Roaming\mozilla\Firefox\Profiles\olcjqbe8.default\extensions
[2012.10.28 11:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 11:02:05 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.10.28 11:02:05 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.10.28 11:02:05 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2012.10.28 11:02:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 11:40:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 11:40:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 11:40:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 11:40:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 11:40:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 11:40:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Programme\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
O4 - HKCU..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - Startup: C:\Users\gerolsteiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Programme\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB195635-AED5-4841-BCE8-9ECB2622D637}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78DFCDD-8DA3-41D1-8714-01684D6F5AC1}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{eae627a2-3635-11e1-b87d-b482fe37d72b}\Shell - "" = AutoRun
O33 - MountPoints2\{eae627a2-3635-11e1-b87d-b482fe37d72b}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.30 14:01:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\gerolsteiner\Desktop\OTL.exe
[2012.11.30 13:52:03 | 055,454,464 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\gerolsteiner\Desktop\SpybotSD2_2.0.12.exe
[2012.11.17 19:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.11.15 14:46:44 | 000,000,000 | ---D | C] -- C:\Users\gerolsteiner\AppData\Local\PokerStars.EU
[2012.11.15 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.EU
[2012.11.15 14:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.EU
========== Files - Modified Within 30 Days ==========
[2012.11.30 14:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gerolsteiner\Desktop\OTL.exe
[2012.11.30 14:01:09 | 000,000,000 | ---- | M] () -- C:\Users\gerolsteiner\defogger_reenable
[2012.11.30 14:00:27 | 000,050,477 | ---- | M] () -- C:\Users\gerolsteiner\Desktop\Defogger.exe
[2012.11.30 13:52:38 | 055,454,464 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\gerolsteiner\Desktop\SpybotSD2_2.0.12.exe
[2012.11.30 13:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.30 12:10:32 | 000,015,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 12:10:32 | 000,015,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.30 12:08:08 | 101,670,648 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.11.30 12:01:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.30 12:01:49 | 2406,912,000 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.21 12:58:56 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.21 12:58:56 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.21 12:58:56 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.21 12:58:56 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.18 15:18:05 | 000,000,301 | ---- | M] () -- C:\Users\gerolsteiner\AppData\Roaming\burnaware.ini
[2012.11.16 10:32:59 | 000,294,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 14:46:44 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.11.12 17:05:11 | 000,233,719 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
========== Files Created - No Company Name ==========
[2012.11.30 14:01:09 | 000,000,000 | ---- | C] () -- C:\Users\gerolsteiner\defogger_reenable
[2012.11.30 14:00:27 | 000,050,477 | ---- | C] () -- C:\Users\gerolsteiner\Desktop\Defogger.exe
[2012.11.16 09:10:24 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 09:10:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 14:46:44 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.eu.lnk
[2012.08.22 08:07:07 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.07.01 16:28:05 | 000,000,301 | ---- | C] () -- C:\Users\gerolsteiner\AppData\Roaming\burnaware.ini
[2011.12.27 19:02:57 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2011.12.25 18:46:54 | 000,000,017 | ---- | C] () -- C:\Users\gerolsteiner\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011.12.28 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\Acronis
[2011.12.27 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\AVG2012
[2012.03.07 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\avidemux
[2011.12.28 12:59:30 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\C55FD0AF-009F-4D1C-97D6-C5AA634F8E3F
[2012.01.03 15:02:12 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\Canneverbe Limited
[2012.02.07 21:38:24 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\Canon
[2012.04.08 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\DeepBurner
[2012.01.03 14:38:40 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\DVDVideoSoft
[2012.01.03 14:38:30 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.24 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\IrfanView
[2012.08.21 12:49:17 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\LockHunter
[2012.07.04 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\mkvtoolnix
[2012.10.07 20:25:25 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\Mp3tag
[2012.01.17 21:05:05 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\OpenOffice.org
[2012.08.21 12:49:53 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\QuickStoresToolbar
[2011.12.29 12:30:46 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\Spyware Terminator
[2012.07.04 19:01:04 | 000,000,000 | ---D | M] -- C:\Users\gerolsteiner\AppData\Roaming\XMedia Recode
========== Purity Check ==========
< End of report >
--- --- ---
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 30.11.2012 14:03:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\gerolsteiner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,08% Memory free
5,98 Gb Paging File | 4,97 Gb Available in Paging File | 83,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,33 Gb Total Space | 194,78 Gb Free Space | 86,44% Space Free | Partition Type: NTFS
Drive D: | 225,33 Gb Total Space | 225,23 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
Computer Name: GEROLSTEINER-PC | User Name: gerolsteiner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0601F2A4-CFFB-4957-B907-3ADB144DF2FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{11221255-17C7-4A9B-9300-DBD283B856E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1AB9B3F5-1275-466C-9ED6-C5DEE3806BAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3E1FC6-845F-4719-BB8A-302C5C3C4B5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C94FC6A-5EB7-4FB2-BC33-E57BFF133C04}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2E5B2565-6169-4AF7-BBBF-A2A1C32E5E3E}" = lport=445 | protocol=6 | dir=in | app=system |
"{432F9BA8-8C48-4373-8F8E-598DAA683F9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{527B0D95-C5C6-43B1-A734-06EEB9EA9ED8}" = lport=138 | protocol=17 | dir=in | app=system |
"{5706A513-6270-495B-BB55-D6C301105A02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5931FFBB-A220-4F48-88A1-F5F297C7920F}" = lport=137 | protocol=17 | dir=in | app=system |
"{6369A8B1-3BAE-43CE-B132-5EE92E49C6F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71A8E0E1-60DC-4582-8D49-708F37DD0EAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{77F49EEB-27C5-469F-8EFA-2406DAAAB9F9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{86A5E15D-1014-4EFB-9E74-96311C32FF59}" = rport=139 | protocol=6 | dir=out | app=system |
"{882EE122-413E-454C-A3C0-6D58A108DE67}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B0D95A8-0137-4096-B451-1F034E738174}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8D6358F5-C058-4443-872D-38CEE06F25BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E697083-007B-4994-B51B-2BD921E604F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{983BA411-6A56-4CE8-97CE-94F0C4574552}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9901205B-BD79-4DC0-8DFD-533B66DFE63C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B91B5FE-9CDB-4EB3-8975-E7124A67E9C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A238FCF1-821D-4B94-AC7B-6BC7E5B45C0E}" = rport=445 | protocol=6 | dir=out | app=system |
"{B3ABDD4D-4E04-4873-874F-1722AE0169BA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BA7D9A11-07D1-4178-87D6-59A668BDAC35}" = rport=138 | protocol=17 | dir=out | app=system |
"{C103F8C0-85B3-4627-A05B-9714F467F6DE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D287219B-C526-421F-BE7A-3E2F8FE94135}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF0B3F4A-EB4E-46B4-A5DB-DAE63986F485}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3A9D892-E79E-4408-B14E-3604542A178A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E74AE7CE-7DD9-4754-96D5-089AE830BDC5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EDDFC9B6-7063-4245-BBA8-4FFE4CDF73E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F207B1FD-41AA-45AF-B418-778CD76BB6F5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F98FDF53-EBA7-4B4C-B159-FC8AE03681C2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FB0E920A-56BD-4828-A972-BB9436B18F58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108945FC-73A3-4438-B0AE-24A80263C68D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13080196-0931-4B91-B51E-20924BA8E202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15F95361-CBD5-4632-B694-899A1ABBD71F}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{25A21D23-3119-4510-A0B7-F0E101090EF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29A28A75-04C3-4CF8-A124-461266381E59}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{2B7CA583-A019-4766-BCE0-6B87D46BA295}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4316B9EC-78F9-4E96-A4DD-09FBCD8DC1DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{437DC512-B480-464F-830B-6D339B4339D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4568D51B-A7D6-40E9-9FD7-AAF706DA1955}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{46DD8FA1-E145-4696-8EFB-E985844B5E6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{475E0037-2C96-4483-A79E-3095311D186E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5E3F561C-27A7-4A63-823B-95B2DF4F435C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6562C317-06F4-4408-91CB-80E5E2ADC3FC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{6D230DAC-B3D2-4C4D-B63A-319641E9EE00}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7217F3C7-F752-43DD-9286-1B787BF3C3C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7390FF77-60AA-404E-9FC8-A2E22C89C8FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BBEBD53-D861-4293-964A-3BD52E5BF996}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{860856CF-ABF3-4F32-9C0C-147C9D8D64D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{88A31FB9-FCB3-4AA0-B009-17C9770A72E0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9086CC06-6AEF-4757-97C8-EC06B84492C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{97997F3F-F235-4169-9E37-E57E0DEF5CC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{9832D294-B381-48DD-BD00-1B82537600AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9904AE71-D315-4217-AE80-9CEAC597911A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9C4916AE-B978-40C2-A179-724D6B6028E1}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{A581D608-608F-4FDA-A5D9-D44FA6023FC7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{B70D7626-58F1-4A7A-8F0D-84B0FF8E251B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B8E62CCA-67EB-45DE-BA7D-39C204041DDB}" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"{C40F78A4-4677-49EB-B16D-B130F346D64F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{CC59F470-3F8B-4DD1-9221-68FA5D94AB80}" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminator.exe |
"{CF63A696-7478-4C67-B017-7CD06FEE3D51}" = protocol=6 | dir=out | app=system |
"{D5CE8C35-8EE4-4ADD-812B-B3F92FD83761}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E22F42CD-5ED5-4DD9-AC73-25BD2D407659}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{E4AE851B-4D3E-40DA-8CB2-9385974EA938}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E87FCEF1-F82D-4729-AD3F-1B29FC45D8F3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFAFAC67-9E8C-43C7-96EE-0012DE9C5D6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F45E4E17-4611-4F0C-B2D6-5DD919054B8B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F8EB7535-4E73-4FBE-93B7-BBBA8E04665D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{25481BC8-185F-461A-A2CC-D6E4FE7099F6}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{8968FD3E-705F-45D2-AEEC-69B1F50A06A0}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9858CAC6-BD9A-4603-A5C2-1CA47CB025D6}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{D2DC8968-3D84-46E0-855E-57ED15D25B08}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{CCB9C4E1-3DF9-422F-AC78-A128F1610747}" = AVG 2012
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9261CAB-3E1D-423C-9DD6-2001056DA292}" = Manual CanoScan 5000,5000F,8000F
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"AVG" = AVG 2012
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"BurnAware Free_is1" = BurnAware Free 4.9
"ExpatShield" = Expat Shield 2.25
"FLV Player" = FLV Player 2.0 (build 25)
"IrfanView" = IrfanView (remove only)
"KaloMa_is1" = KaloMa 4.93
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"PokerStars.eu" = PokerStars.eu
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 08.10.2012 13:42:49 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 08.10.2012 13:42:49 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 08.10.2012 13:42:49 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 08.10.2012 13:42:50 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 08.10.2012 13:42:50 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10106
Description =
Error - 08.10.2012 13:42:52 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 08.10.2012 13:42:52 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 08.10.2012 13:42:52 | Computer Name = gerolsteiner-PC | Source = ExpatShieldService | ID = 10103
Description =
Error - 29.10.2012 10:52:27 | Computer Name = gerolsteiner-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AcroRd32.exe, Version: 10.1.4.38,
Zeitstempel: 0x5012ea69 Name des fehlerhaften Moduls: AcroRd32.dll, Version: 10.1.4.38,
Zeitstempel: 0x5012f9f9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00183a12 ID des fehlerhaften
Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0x01cdb5e4a04d4162 Pfad der
fehlerhaften Anwendung: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe Pfad
des fehlerhaften Moduls: C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.dll
Berichtskennung:
40f26427-21d8-11e2-83e4-b482fe37d72b
Error - 09.11.2012 07:34:30 | Computer Name = gerolsteiner-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SpywareTerminatorUpdate.exe, Version:
3.0.0.39, Zeitstempel: 0x5044c054 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000024 Fehleroffset: 0x00081e57
ID
des fehlerhaften Prozesses: 0x17a4 Startzeit der fehlerhaften Anwendung: 0x01cdbe6e2cc4a2c7
Pfad
der fehlerhaften Anwendung: C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6c41be5d-2a61-11e2-90a8-b482fe37d72b
[ System Events ]
Error - 31.10.2012 03:36:28 | Computer Name = gerolsteiner-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
Error - 13.11.2012 06:44:47 | Computer Name = gerolsteiner-PC | Source = DCOM | ID = 10010
Description =
Error - 16.11.2012 05:33:11 | Computer Name = gerolsteiner-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%14
Error - 17.11.2012 12:56:56 | Computer Name = gerolsteiner-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
Error - 20.11.2012 07:41:57 | Computer Name = gerolsteiner-PC | Source = Microsoft-Windows-Application-Experience | ID = 205
Description = Der Dienst "Programmkompatibilitäts-Assistent" konnte Phase 2 nicht
initialisieren.
Error - 20.11.2012 15:42:33 | Computer Name = gerolsteiner-PC | Source = DCOM | ID = 10010
Description =
Error - 28.11.2012 07:54:12 | Computer Name = gerolsteiner-PC | Source = DCOM | ID = 10010
Description =
Error - 28.11.2012 09:44:39 | Computer Name = gerolsteiner-PC | Source = DCOM | ID = 10010
Description =
Error - 28.11.2012 11:37:41 | Computer Name = gerolsteiner-PC | Source = DCOM | ID = 10010
Description =
Error - 28.11.2012 16:40:26 | Computer Name = gerolsteiner-PC | Source = WMPNetworkSvc | ID = 866300
Description =
< End of report >
--- --- ---
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-30 23:00:53
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4
Running: j0te7h6t.exe; Driver: C:\Users\GEROLS~1\AppData\Local\Temp\kfkyypog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x90F22444]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x90F21C8A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x90F21958]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x90F23520]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x90F21A68]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x90F21B5A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x90F22780]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x92163004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x921630D4]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x90F21F9C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x92162D76]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x90F220D2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x90F2177E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x90F226C8]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x92162EBA]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x90F222BC]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x92162F56]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C5BA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C954D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 82C9C5A4 4 Bytes [44, 24, F2, 90] {INC ESP; AND AL, 0xf2; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C9C5E4 4 Bytes [8A, 1C, F2, 90] {MOV BL, [EDX+ESI*8]; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82C9C5F4 4 Bytes [58, 19, F2, 90] {POP EAX; SBB EDX, ESI; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C9C62C 4 Bytes [20, 35, F2, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1243 82C9C678 4 Bytes [68, 1A, F2, 90]
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000083 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000085 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b482fe37d72b
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b482fe37d72b (not active ControlSet)
---- EOF - GMER 1.0.15 ----
--- --- --- |
