| interaktion | 26.01.2012 00:00 |
Sooo... Ich hoffe, das alles reicht dir vorerst:
Eset: Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c186c7f7f169604fbbdbfe10af567a9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-25 03:06:09
# local_time=2012-01-25 04:06:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 240957 240957 0 0
# compatibility_mode=5893 16776573 100 94 61279 79130260 0 0
# compatibility_mode=8192 67108863 100 0 8761 8761 0 0
# scanned=217577
# found=0
# cleaned=0
# scan_time=3559
Avira: Code:
Avira Antivirus Premium 2012
Erstellungsdatum der Reportdatei: Mittwoch, 25. Januar 2012 18:44
Es wird nach 3271308 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Larusso :P
Seriennummer : ***
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : BLUBB-NEU
Versionsinformationen:
BUILD.DAT : 12.0.0.888 42511 Bytes 15.12.2011 15:53:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 23.01.2012 12:37:05
AVSCAN.DLL : 12.1.0.17 65744 Bytes 11.10.2011 14:06:08
LUKE.DLL : 12.1.0.17 68304 Bytes 11.10.2011 14:05:57
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 22.01.2012 20:11:53
AVREG.DLL : 12.1.0.27 227536 Bytes 22.01.2012 20:11:53
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 20:11:41
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 20:11:41
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 20:11:41
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 20:11:41
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 20:11:41
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 20:11:41
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 20:11:41
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 20:11:41
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 20:11:42
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 20:11:42
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 20:11:42
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 20:11:42
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 20:11:42
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 20:11:42
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 20:11:43
VBASE017.VDF : 7.11.20.102 240640 Bytes 02.01.2012 20:11:43
VBASE018.VDF : 7.11.20.139 164864 Bytes 04.01.2012 20:11:43
VBASE019.VDF : 7.11.20.178 167424 Bytes 06.01.2012 20:11:44
VBASE020.VDF : 7.11.20.207 230400 Bytes 10.01.2012 20:11:44
VBASE021.VDF : 7.11.20.236 150528 Bytes 11.01.2012 20:11:44
VBASE022.VDF : 7.11.21.13 135168 Bytes 13.01.2012 20:11:44
VBASE023.VDF : 7.11.21.40 163840 Bytes 16.01.2012 20:11:45
VBASE024.VDF : 7.11.21.65 1001472 Bytes 17.01.2012 20:11:46
VBASE025.VDF : 7.11.21.98 487424 Bytes 19.01.2012 20:11:47
VBASE026.VDF : 7.11.21.156 1010688 Bytes 25.01.2012 16:00:55
VBASE027.VDF : 7.11.21.157 2048 Bytes 25.01.2012 16:00:55
VBASE028.VDF : 7.11.21.158 2048 Bytes 25.01.2012 16:00:55
VBASE029.VDF : 7.11.21.159 2048 Bytes 25.01.2012 16:00:55
VBASE030.VDF : 7.11.21.160 2048 Bytes 25.01.2012 16:00:55
VBASE031.VDF : 7.11.21.161 2048 Bytes 25.01.2012 16:00:55
Engineversion : 8.2.8.34
AEVDF.DLL : 8.1.2.2 106868 Bytes 22.01.2012 20:11:52
AESCRIPT.DLL : 8.1.4.1 434553 Bytes 22.01.2012 20:11:52
AESCN.DLL : 8.1.8.1 127348 Bytes 22.01.2012 20:11:52
AESBX.DLL : 8.2.4.5 434549 Bytes 22.01.2012 20:11:53
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.1 799094 Bytes 22.01.2012 20:11:52
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 22.01.2012 20:11:51
AEHEUR.DLL : 8.1.3.19 4309367 Bytes 22.01.2012 20:11:51
AEHELP.DLL : 8.1.19.0 254327 Bytes 22.01.2012 20:11:48
AEGEN.DLL : 8.1.5.17 405877 Bytes 22.01.2012 20:11:48
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.2 201079 Bytes 22.01.2012 20:11:48
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 11.10.2011 14:05:49
AVPREF.DLL : 12.1.0.17 51920 Bytes 11.10.2011 14:05:47
AVREP.DLL : 12.1.0.17 179920 Bytes 11.10.2011 14:05:47
AVARKT.DLL : 12.1.0.19 208848 Bytes 23.01.2012 12:37:03
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 11.10.2011 14:05:46
SQLITE3.DLL : 3.7.0.0 398288 Bytes 11.10.2011 14:06:01
AVSMTP.DLL : 12.1.0.17 63440 Bytes 11.10.2011 14:05:48
NETNT.DLL : 12.1.0.17 17104 Bytes 11.10.2011 14:05:57
RCIMAGE.DLL : 12.1.0.17 4491472 Bytes 11.10.2011 14:06:11
RCTEXT.DLL : 12.1.0.16 98512 Bytes 11.10.2011 14:06:11
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Mittwoch, 25. Januar 2012 18:44
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'iexplore.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil11e_ActiveX.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceHelper.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunes.exe' - '178' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpsysdrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPDrvMntSvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1920' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
Beginne mit der Suche in 'D:\' <HP_RECOVERY>
Ende des Suchlaufs: Mittwoch, 25. Januar 2012 19:45
Benötigte Zeit: 1:00:28 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
37921 Verzeichnisse wurden überprüft
541207 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
541207 Dateien ohne Befall
3052 Archive wurden durchsucht
0 Warnungen
0 Hinweise
952683 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org
Datenbank Version: v2012.01.22.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blubb :: BLUBB-NEU [Administrator]
Schutz: Deaktiviert
25.01.2012 19:46:58
mbam-log-2012-01-25 (19-46-58).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388314
Laufzeit: 1 Stunde(n), 4 Minute(n), 52 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Ad-Aware: Code:
Logfile created: 25.01.2012 20:52:47
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Blubb
*********************** Definitions database information ***********************
Lavasoft definition file: 150.693
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11442.0
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 240209
Objects detected: 26
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 26
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Scan and cleaning complete: Finished correctly after 6149 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Mon Jan 23 22:49:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Mon Jan 23 04:49:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Mon Jan 23 10:49:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Mon Jan 23 16:49:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Jan 23 22:49:00 2012
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: BLUBB-NEU
Processor name: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Processor identifier: Intel64 Family 6 Model 37 Stepping 5
Processor speed: ~3192MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9477, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 3451625472 bytes
Physical memory total: 6298877952 bytes
Virtual memory available: 1886597120 bytes
Virtual memory total: 2147352576 bytes
Memory load: 45%
Microsoft Service Pack 1 (build 7601)
Windows startup mode:
Running processes:
PID: 324 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 484 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 532 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 560 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 600 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 616 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 624 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 736 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 804 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 844 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 900 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 944 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 988 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 116 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1032 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1112 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1224 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1432 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1460 name: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1496 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1664 name: C:\Program Files\SUPERAntiSpyware\SASCore64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1692 name: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1712 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1748 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1808 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1848 name: C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1920 name: C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1948 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1984 name: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1244 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1360 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 1384 name: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2264 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2588 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2596 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2620 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2640 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2836 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2924 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1088 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2800 name: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3048 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2996 name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1396 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3104 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3140 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3200 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3632 name: C:\Windows\System32\taskhost.exe owner: Blubb domain: Blubb-Neu
PID: 3680 name: C:\Windows\System32\dwm.exe owner: Blubb domain: Blubb-Neu
PID: 3704 name: C:\Windows\explorer.exe owner: Blubb domain: Blubb-Neu
PID: 3988 name: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe owner: Blubb domain: Blubb-Neu
PID: 3996 name: C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe owner: Blubb domain: Blubb-Neu
PID: 4020 name: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE owner: Blubb domain: Blubb-Neu
PID: 1020 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe owner: Blubb domain: Blubb-Neu
PID: 1536 name: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe owner: Blubb domain: Blubb-Neu
PID: 3656 name: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE owner: Blubb domain: Blubb-Neu
PID: 3948 name: C:\Windows\splwow64.exe owner: Blubb domain: Blubb-Neu
PID: 4416 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe owner: Blubb domain: Blubb-Neu
PID: 4428 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: Blubb domain: Blubb-Neu
PID: 2988 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4792 name: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 4308 name: C:\Program Files (x86)\iTunes\iTunes.exe owner: Blubb domain: Blubb-Neu
PID: 4156 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe owner: Blubb domain: Blubb-Neu
PID: 4256 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 1960 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe owner: Blubb domain: Blubb-Neu
PID: 1356 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 4352 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe owner: Blubb domain: Blubb-Neu
PID: 4956 name: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE owner: Blubb domain: Blubb-Neu
PID: 3028 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Blubb domain: Blubb-Neu
PID: 3944 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2900 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4948 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5104 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Blubb domain: Blubb-Neu
Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: IAStorIcon
imagepath: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Name: HP Software Update
imagepath: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Name: Norton Online Backup
imagepath: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Name: Adobe ARM
imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: APSDaemon
imagepath: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: QuickTime Task
imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: CanonSolutionMenuEx
imagepath: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
Name: Malwarebytes' Anti-Malware
imagepath: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Name: avgnt
imagepath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
imagepath: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: !SASCORE
displayname: SAS Core Service
Name: AdobeARMservice
displayname: Adobe Acrobat Update Service
Name: AntiVirMailService
displayname: Avira Email Schutz
Name: AntiVirSchedulerService
displayname: Avira Planer
Name: AntiVirService
displayname: Avira Echtzeit Scanner
Name: AntiVirWebService
displayname: Avira Browser Schutz
Name: Appinfo
displayname: Anwendungsinformationen
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service
displayname: Dienst "Bonjour"
Name: CryptSvc
displayname: Kryptografiedienste
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: FontCache
displayname: Windows-Dienst für Schriftartencache
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: HP Support Assistant Service
displayname: HP Support Assistant Service
Name: HPClientSvc
displayname: HP Client Services
Name: HPDrvMntSvc.exe
displayname: HP Quick Synchronization Service
Name: IAStorDataMgrSvc
displayname: Intel(R) Rapid Storage Technology
Name: IKEEXT
displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: iPod Service
displayname: iPod-Dienst
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: LMS
displayname: Intel(R) Management and Security Application Local Management Service
Name: MBAMService
displayname: MBAMService
Name: MMCSS
displayname: Multimediaklassenplaner
Name: MpsSvc
displayname: Windows-Firewall
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: NOBU
displayname: Norton Online Backup
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: osppsvc
displayname: Office Software Protection Platform
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PolicyAgent
displayname: IPsec-Richtlinien-Agent
Name: Power
displayname: Stromversorgung
Name: ProfSvc
displayname: Benutzerprofildienst
Name: ProtectedStorage
displayname: Geschützter Speicher
Name: RasMan
displayname: RAS-Verbindungsverwaltung
Name: RpcEptMapper
displayname: RPC-Endpunktzuordnung
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: Schedule
displayname: Aufgabenplanung
Name: seclogon
displayname: Sekundäre Anmeldung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: SstpSvc
displayname: SSTP-Dienst
Name: stisvc
displayname: Windows-Bilderfassung (WIA)
Name: SysMain
displayname: Superfetch
Name: TapiSrv
displayname: Telefonie
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: UNS
displayname: Intel(R) Management & Security Application User Notification Service
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: WdiServiceHost
displayname: Diagnosediensthost
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: wlidsvc
displayname: Windows Live ID Sign-in Assistant
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
SuperAntiSpyware: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/25/2012 at 11:23 PM
Application Version : 5.0.1142
Core Rules Database Version : 8154
Trace Rules Database Version: 5966
Scan type : Complete Scan
Total Scan Time : 00:45:22
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 616
Memory threats detected : 0
Registry items scanned : 42377
Registry threats detected : 0
File items scanned : 75917
File threats detected : 9
Adware.Tracking Cookie
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\EEJZNVNQ.txt [ /eas.apm.emediate.eu ]
C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\52XPJI6W.txt [ /invitemedia.com ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\GXMHDDDS.txt [ Cookie:blubb@webmasterplan.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\IQR2ITI5.txt [ Cookie:blubb@www.zanox-affiliate.de/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLMOVD8I.txt [ Cookie:blubb@zanox.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQSR89KX.txt [ Cookie:blubb@accounts.google.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQ0KUM41.txt [ Cookie:blubb@ad.zanox.com/ ]
C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WC65FL9.txt [ Cookie:blubb@adx.chip.de/ ]
C:\USERS\BLUBB\Cookies\EEJZNVNQ.txt [ Cookie:blubb@eas.apm.emediate.eu/ ]
OTL, das doch noch klappte, nachdem ich die Hosts-Datei einfach gelöscht habe (jemand meinte, ich könnte das durchaus tun):
OTL Logfile: Code:
OTL logfile created on: 1/25/2012 11:43:18 PM - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.87 Gb Total Physical Memory | 3.12 Gb Available Physical Memory | 53.12% Memory free
11.73 Gb Paging File | 9.19 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 732.89 Gb Free Space | 79.87% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/24 11:50:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2012/01/23 13:37:05 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/29 19:46:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/23 13:37:05 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/01/23 13:37:08 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/10/11 15:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/11 15:06:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/01/23 22:51:46 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Hosts file not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/25 13:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/24 12:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/24 12:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/01/24 11:50:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2012/01/23 22:48:48 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/23 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/23 22:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/23 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 14:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/23 01:15:22 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/23 01:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/23 01:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/23 01:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/22 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Avira
[2012/01/22 21:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/22 21:10:54 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/22 21:10:54 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/01/22 21:10:54 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/01/22 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/22 21:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/01/11 22:00:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/06 22:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/01/05 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\Documents\FILSHtray
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\FILSH_Media_GmbH
[2011/12/29 17:19:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 17:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 17:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 17:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 17:12:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 17:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 01:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files
[2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
========== Files - Modified Within 30 Days ==========
[2012/01/25 19:24:56 | 000,839,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/25 19:24:56 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/25 19:24:56 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/25 19:24:56 | 000,004,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/25 19:24:56 | 000,004,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/25 13:03:11 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 13:03:11 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 12:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 12:55:38 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 12:38:14 | 000,046,962 | ---- | M] () -- C:\Users\Blubb\Documents\otl2.7z
[2012/01/24 12:29:25 | 000,073,726 | ---- | M] () -- C:\Users\Blubb\Desktop\OTL.rar
[2012/01/24 11:50:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2012/01/24 11:50:33 | 000,050,477 | ---- | M] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2012/01/24 11:41:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/24 11:41:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/23 22:51:45 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/23 22:48:49 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/23 19:15:56 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 19:12:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/23 14:31:44 | 000,016,150 | ---- | M] () -- C:\Users\Blubb\Desktop\term.odt
[2012/01/23 14:06:39 | 000,001,224 | ---- | M] () -- C:\Users\Blubb\Desktop\Spybot - Search & Destroy.lnk
[2012/01/23 13:37:08 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/23 01:15:11 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:11:02 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/21 20:34:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2012/01/08 18:11:01 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012/01/08 12:00:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/08 12:00:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/05 02:04:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2011/12/29 19:45:39 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
========== Files Created - No Company Name ==========
[2012/01/24 12:37:16 | 000,046,962 | ---- | C] () -- C:\Users\Blubb\Documents\otl2.7z
[2012/01/24 12:29:25 | 000,073,726 | ---- | C] () -- C:\Users\Blubb\Desktop\OTL.rar
[2012/01/24 11:50:33 | 000,050,477 | ---- | C] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2012/01/24 11:41:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/24 11:41:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/24 00:21:10 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/23 22:48:49 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/23 19:15:56 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 14:06:39 | 000,001,224 | ---- | C] () -- C:\Users\Blubb\Desktop\Spybot - Search & Destroy.lnk
[2012/01/23 01:15:11 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:11:02 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/30 20:02:46 | 000,016,150 | ---- | C] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/29 17:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 17:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 17:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 17:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 17:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2012/01/13 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2012/01/25 13:36:09 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- --- |
