
Pests of all kinds and how to fight them: Removing SMART HDD, recovering my data

Windows 7

19.04.2012, 22:13   #1
sebastian325
 



Hello everyone,

this evening while I was surfing the Internet, my Explorer suddenly closed and the program SMART HDD opened!

I have already consulted Google and eventually came across this forum, so I am trying my luck here. Since this problem seems to have come up quite often, and the routes from removal through to recovery of the data always differ somewhat from one another, I am hereby asking for help in solving MY problem, and I thank you in advance for the support!

Here we go:

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Henß at 23:00:43 on 2012-04-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8191.6440 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\ProgramData\gjSoArQFjTNTYMc.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\6rNZ2OVk4uso6D.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\attrib.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Henß\Desktop\dds.com
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.hiergehtslos.de
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Google Update] "C:\Users\Henß\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [gjSoArQFjTNTYMc.exe] C:\ProgramData\gjSoArQFjTNTYMc.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - C:\Users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{4288E81E-5B0E-44CE-AA55-5840F5D86A4F} : DhcpNameServer = 192.168.178.1
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe
IE-X64: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-4 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-4 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-3 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-28 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 253600]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-28 136176]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-04-19 21:00:46 -------- d-----w- C:\Users\Hen?\AppData\Local\Microsoft
2012-04-19 19:28:17 241152 ---ha-w- C:\ProgramData\6rNZ2OVk4uso6D.exe
2012-04-19 19:18:15 321024 ---ha-w- C:\ProgramData\gjSoArQFjTNTYMc.exe
2012-04-17 14:56:45 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{56F51571-F085-422C-8F91-6A0CB7AF027C}\mpengine.dll
2012-04-11 19:53:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-11 19:53:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 19:53:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 19:53:38 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-11 19:53:38 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-11 19:53:38 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-11 19:53:38 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-06 10:00:19 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-26 15:41:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-21 20:21:48 -------- d--h--w- C:\Users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers
2012-03-21 20:21:38 -------- d--h--w- C:\Users\Henß\AppData\Roaming\DVDVideoSoft
2012-03-21 20:21:38 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-03-21 20:21:38 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft
.
==================== Find3M ====================
.
2012-04-06 10:00:19 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:38:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 23:02:01,17 ===============


Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16.12.2009 18:56:49
System Uptime: 19.04.2012 22:50:40 (1 hours ago)
.
Motherboard: ECS | | GF8200SM-M3
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 1378/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 313,237 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP451: 08.04.2012 19:00:07 - Windows-Sicherung
RP452: 10.04.2012 16:58:25 - Windows Update
RP453: 11.04.2012 21:53:20 - Windows Update
RP454: 14.04.2012 12:31:45 - Installed Nero - Burning Rom
RP455: 15.04.2012 19:00:07 - Windows-Sicherung
RP456: 17.04.2012 16:56:02 - Windows Update
RP458: 19.04.2012 22:34:04 - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.5.1 - Deutsch
Amazon MP3-Downloader 1.0.9
ArcSoft WebCam Companion 3
Avira Free Antivirus
AVM FRITZ!DSL
D3DX10
Free YouTube to MP3 Converter version 3.11.17.319
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
ICQ7.4
Java Auto Updater
Java(TM) 6 Update 29
Left 4 Dead 2
Light Image Resizer 4.0.8.0
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.25)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NAVIGON Fresh 3.3.2
Nero - Burning Rom
neroxml
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.0
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows SideShow Managed Runtime 1.0
WinRAR
.
==== End Of File ===========================

20.04.2012, 07:10   #2
Larusso
/// Selecta Jahrusso
 





My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I do not receive a reply from you to this or any further answer within 3 days, I will delete the thread from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install / uninstall any software unless asked to.
  • Post the log files directly in your thread and not as an attachment, unless you were asked to. It makes evaluation harder for me.



Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.

Please download TDSSKiller.exe and save this file on the desktop
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
20.04.2012, 13:24   #3
sebastian325
 



Hello Daniel,

here are the contents:

13:53:19.0367 3628 TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
13:53:19.0585 3628 ============================================================
13:53:19.0585 3628 Current date / time: 2012/04/20 13:53:19.0585
13:53:19.0585 3628 SystemInfo:
13:53:19.0585 3628
13:53:19.0585 3628 OS Version: 6.1.7601 ServicePack: 1.0
13:53:19.0585 3628 Product type: Workstation
13:53:19.0585 3628 ComputerName: HENß-FAB
13:53:19.0585 3628 UserName: Henß
13:53:19.0585 3628 Windows directory: C:\Windows
13:53:19.0585 3628 System windows directory: C:\Windows
13:53:19.0585 3628 Running under WOW64
13:53:19.0585 3628 Processor architecture: Intel x64
13:53:19.0585 3628 Number of processors: 4
13:53:19.0585 3628 Page size: 0x1000
13:53:19.0585 3628 Boot type: Normal boot
13:53:19.0585 3628 ============================================================
13:53:33.0703 3628 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:53:33.0719 3628 \Device\Harddisk0\DR0:
13:53:33.0719 3628 MBR partitions:
13:53:33.0719 3628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
13:53:33.0797 3628 C: <-> \Device\Harddisk0\DR0\Partition0
13:53:33.0797 3628 Initialize success
13:53:33.0797 3628 ============================================================
13:53:44.0810 0980 ============================================================
13:53:44.0810 0980 Scan started
13:53:44.0810 0980 Mode: Manual;
13:53:44.0810 0980 ============================================================
13:53:52.0127 0980 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:53:52.0127 0980 1394ohci - ok
13:53:52.0314 0980 aadev - ok
13:53:52.0501 0980 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:53:52.0517 0980 ACDaemon - ok
13:53:52.0860 0980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:53:52.0875 0980 ACPI - ok
13:53:53.0094 0980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:53:53.0094 0980 AcpiPmi - ok
13:53:53.0343 0980 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:53:53.0359 0980 AdobeFlashPlayerUpdateSvc - ok
13:53:53.0546 0980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:53:53.0562 0980 adp94xx - ok
13:53:53.0780 0980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:53:53.0780 0980 adpahci - ok
13:53:53.0874 0980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:53:53.0874 0980 adpu320 - ok
13:53:53.0983 0980 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:53:53.0999 0980 AeLookupSvc - ok
13:53:54.0638 0980 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:53:54.0669 0980 AFD - ok
13:53:55.0044 0980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:53:55.0044 0980 agp440 - ok
13:53:55.0371 0980 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:53:55.0418 0980 ALG - ok
13:53:55.0699 0980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:53:55.0699 0980 aliide - ok
13:53:56.0183 0980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:53:56.0183 0980 amdide - ok
13:53:56.0666 0980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:53:56.0682 0980 AmdK8 - ok
13:53:57.0165 0980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:53:57.0165 0980 AmdPPM - ok
13:53:57.0509 0980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:53:57.0509 0980 amdsata - ok
13:53:57.0867 0980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:53:57.0883 0980 amdsbs - ok
13:53:58.0195 0980 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:53:58.0211 0980 amdxata - ok
13:53:58.0538 0980 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:53:58.0554 0980 AntiVirSchedulerService - ok
13:53:58.0757 0980 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:53:58.0772 0980 AntiVirService - ok
13:53:59.0084 0980 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:53:59.0178 0980 AppID - ok
13:53:59.0349 0980 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:53:59.0412 0980 AppIDSvc - ok
13:53:59.0630 0980 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:53:59.0646 0980 Appinfo - ok
13:53:59.0817 0980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:53:59.0817 0980 arc - ok
13:54:00.0161 0980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:54:00.0161 0980 arcsas - ok
13:54:00.0379 0980 aspnet_state - ok
13:54:00.0831 0980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:54:00.0831 0980 AsyncMac - ok
13:54:01.0284 0980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:54:01.0284 0980 atapi - ok
13:54:01.0986 0980 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:54:02.0142 0980 AudioEndpointBuilder - ok
13:54:02.0204 0980 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:54:02.0204 0980 AudioSrv - ok
13:54:02.0766 0980 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:54:02.0781 0980 avgntflt - ok
13:54:03.0296 0980 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
13:54:03.0312 0980 avipbb - ok
13:54:03.0842 0980 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:54:03.0842 0980 avkmgr - ok
13:54:04.0107 0980 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:54:04.0154 0980 AxInstSV - ok
13:54:04.0607 0980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:54:04.0638 0980 b06bdrv - ok
13:54:05.0340 0980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:54:05.0371 0980 b57nd60a - ok
13:54:06.0042 0980 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:54:06.0104 0980 BDESVC - ok
13:54:06.0759 0980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:54:06.0759 0980 Beep - ok
13:54:07.0212 0980 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:54:07.0290 0980 BFE - ok
13:54:07.0524 0980 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:54:07.0571 0980 BITS - ok
13:54:07.0836 0980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:54:07.0836 0980 blbdrive - ok
13:54:08.0085 0980 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:54:08.0085 0980 bowser - ok
13:54:08.0241 0980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:54:08.0241 0980 BrFiltLo - ok
13:54:08.0756 0980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:54:08.0756 0980 BrFiltUp - ok
13:54:09.0177 0980 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:54:09.0177 0980 Browser - ok
13:54:09.0895 0980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:54:09.0895 0980 Brserid - ok
13:54:10.0566 0980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:54:10.0566 0980 BrSerWdm - ok
13:54:11.0081 0980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:54:11.0096 0980 BrUsbMdm - ok
13:54:11.0751 0980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:54:11.0751 0980 BrUsbSer - ok
13:54:12.0188 0980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:54:12.0188 0980 BTHMODEM - ok
13:54:12.0609 0980 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:54:12.0656 0980 bthserv - ok
13:54:13.0093 0980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:54:13.0093 0980 cdfs - ok
13:54:13.0499 0980 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
13:54:13.0499 0980 cdrom - ok
13:54:13.0717 0980 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:54:13.0826 0980 CertPropSvc - ok
13:54:13.0967 0980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:54:13.0967 0980 circlass - ok
13:54:14.0107 0980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:54:14.0107 0980 CLFS - ok
13:54:14.0232 0980 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:14.0325 0980 clr_optimization_v2.0.50727_32 - ok
13:54:14.0591 0980 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:54:14.0793 0980 clr_optimization_v2.0.50727_64 - ok
13:54:15.0308 0980 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:15.0495 0980 clr_optimization_v4.0.30319_32 - ok
13:54:15.0979 0980 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:54:15.0979 0980 clr_optimization_v4.0.30319_64 - ok
13:54:16.0229 0980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:54:16.0229 0980 CmBatt - ok
13:54:16.0338 0980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:54:16.0338 0980 cmdide - ok
13:56:19.0890 0980 usbhub - ok
13:56:20.0217 0980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:56:20.0217 0980 usbohci - ok
13:56:20.0623 0980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:56:20.0623 0980 usbprint - ok
13:56:20.0873 0980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:20.0873 0980 USBSTOR - ok
13:56:21.0247 0980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:56:21.0247 0980 usbuhci - ok
13:56:21.0653 0980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:56:21.0653 0980 usbvideo - ok
13:56:21.0918 0980 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:56:21.0933 0980 UxSms - ok
13:56:22.0277 0980 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:56:22.0277 0980 VaultSvc - ok
13:56:22.0713 0980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:56:22.0713 0980 vdrvroot - ok
13:56:23.0166 0980 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:56:23.0291 0980 vds - ok
13:56:23.0665 0980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:23.0665 0980 vga - ok
13:56:23.0977 0980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:56:23.0993 0980 VgaSave - ok
13:56:24.0383 0980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:56:24.0398 0980 vhdmp - ok
13:56:24.0773 0980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:56:24.0773 0980 viaide - ok
13:56:25.0131 0980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:56:25.0131 0980 volmgr - ok
13:56:25.0428 0980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:56:25.0475 0980 volmgrx - ok
13:56:25.0693 0980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:56:25.0740 0980 volsnap - ok
13:56:26.0145 0980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:56:26.0145 0980 vsmraid - ok
13:56:26.0754 0980 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:56:26.0957 0980 VSS - ok
13:56:27.0222 0980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:56:27.0222 0980 vwifibus - ok
13:56:27.0425 0980 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:56:27.0627 0980 W32Time - ok
13:56:27.0924 0980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:56:27.0924 0980 WacomPen - ok
13:56:28.0283 0980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:28.0298 0980 WANARP - ok
13:56:28.0454 0980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:28.0454 0980 Wanarpv6 - ok
13:56:28.0907 0980 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:56:29.0109 0980 wbengine - ok
13:56:29.0484 0980 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:56:29.0515 0980 WbioSrvc - ok
13:56:29.0827 0980 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:56:29.0967 0980 wcncsvc - ok
13:56:30.0248 0980 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:56:30.0279 0980 WcsPlugInService - ok
13:56:30.0560 0980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:56:30.0560 0980 Wd - ok
13:56:30.0857 0980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:56:30.0888 0980 Wdf01000 - ok
13:56:31.0122 0980 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:56:31.0137 0980 WdiServiceHost - ok
13:56:31.0153 0980 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:56:31.0153 0980 WdiSystemHost - ok
13:56:31.0325 0980 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:56:31.0418 0980 WebClient - ok
13:56:31.0715 0980 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:56:31.0761 0980 Wecsvc - ok
13:56:32.0011 0980 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:56:32.0027 0980 wercplsupport - ok
13:56:32.0276 0980 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:56:32.0292 0980 WerSvc - ok
13:56:32.0775 0980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:56:32.0775 0980 WfpLwf - ok
13:56:32.0916 0980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:56:32.0916 0980 WIMMount - ok
13:56:33.0009 0980 WinDefend - ok
13:56:33.0025 0980 WinHttpAutoProxySvc - ok
13:56:33.0399 0980 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:56:33.0462 0980 Winmgmt - ok
13:56:33.0930 0980 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:56:34.0133 0980 WinRM - ok
13:56:34.0413 0980 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:56:34.0413 0980 WinUsb - ok
13:56:34.0616 0980 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:56:34.0663 0980 Wlansvc - ok
13:56:35.0209 0980 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:56:35.0349 0980 wlidsvc - ok
13:56:35.0630 0980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:56:35.0630 0980 WmiAcpi - ok
13:56:36.0020 0980 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:56:36.0114 0980 wmiApSrv - ok
13:56:36.0207 0980 WMPNetworkSvc - ok
13:56:36.0504 0980 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:56:36.0519 0980 WPCSvc - ok
13:56:36.0691 0980 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:56:36.0691 0980 WPDBusEnum - ok
13:56:36.0847 0980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:56:36.0863 0980 ws2ifsl - ok
13:56:37.0034 0980 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:56:37.0050 0980 wscsvc - ok
13:56:37.0346 0980 WSearch - ok
13:56:37.0845 0980 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:56:37.0939 0980 wuauserv - ok
13:56:38.0173 0980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:56:38.0173 0980 WudfPf - ok
13:56:38.0547 0980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:56:38.0547 0980 WUDFRd - ok
13:56:38.0859 0980 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:56:38.0922 0980 wudfsvc - ok
13:56:39.0171 0980 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:56:39.0203 0980 WwanSvc - ok
13:56:39.0234 0980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:56:39.0327 0980 \Device\Harddisk0\DR0 - ok
13:56:39.0343 0980 Boot (0x1200) (c274d69bb88ff43960baf6c07d061a2a) \Device\Harddisk0\DR0\Partition0
13:56:39.0374 0980 \Device\Harddisk0\DR0\Partition0 - ok
13:56:39.0374 0980 ============================================================
13:56:39.0374 0980 Scan finished
13:56:39.0374 0980 ============================================================
13:56:39.0390 0896 Detected object count: 0
13:56:39.0390 0896 Actual detected object count: 0
__________________

20.04.2012, 18:31   #4
Larusso
/// Selecta Jahrusso

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

20.04.2012, 19:10   #5
sebastian325

Combofix Logfile:
Code:
ComboFix 12-04-20.03 - Henß 20.04.2012  19:40:47.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6726 [GMT 2:00]
ausgeführt von:: c:\users\Hen¯\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\6rNZ2OVk4uso6D
c:\users\HEN~1\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
c:\users\Henß\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
c:\users\Henß\AppData\Roaming\Local
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\SET408.tmp
c:\windows\SysWow64\SETE1BE.tmp
c:\windows\SysWow64\SETFC04.tmp
c:\windows\SysWow64\SETFE2B.tmp
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\SysWow64\tmp7DC.tmp
c:\windows\SysWow64\tmp80C.tmp
c:\windows\SysWow64\tmp8A1C.tmp
c:\windows\SysWow64\tmpA8BE.tmp
c:\windows\SysWow64\tmpA8ED.tmp
c:\windows\SysWow64\tmpD1B8.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-20 bis 2012-04-20  ))))))))))))))))))))))))))))))
.
.
2012-04-20 17:51 . 2012-04-20 17:51	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-20 17:51 . 2012-04-20 17:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-20 12:02 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D387E50D-2F7F-416D-889A-B62072E8C9C0}\mpengine.dll
2012-04-19 21:00 . 2012-04-19 21:00	--------	d-----w-	c:\users\Hen?
2012-04-11 19:53 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 19:53 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 19:53 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-11 19:53 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 19:53 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 19:53 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-11 19:53 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-06 10:00 . 2012-04-06 10:00	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 10:00 . 2012-04-06 10:00	--------	d-----w-	c:\windows\system32\Macromed
2012-03-26 15:41 . 2012-03-26 15:41	103864	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-03-21 20:21 . 2012-03-21 20:21	--------	d--h--w-	c:\users\Henß\AppData\Roaming\DVDVideoSoft
2012-03-21 20:21 . 2012-03-21 20:21	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2012-03-21 20:21 . 2012-03-21 20:21	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 10:00 . 2011-07-16 15:26	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 13:12 . 2012-02-24 13:12	162664	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 08:18 . 2009-12-28 14:49	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 16:00	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:00	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:00	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:00	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:28 . 2012-01-04 15:55	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-10 06:36 . 2012-03-14 16:01	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 16:01	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 16:01	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 16:00	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 16:00	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 16:00	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-08 935824]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-08 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-08 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NeroCheck"="c:\windows\SysWOW64\\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;e:\tools\BurnInTest\DirectIo.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:00]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 14:13]
.
2012-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 14:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hiergehtslos.de
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.hiergehtslos.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: extensions.BabylonToolbar_i.id - 680c4aa0000000000000002511c403be
FF - user.js: extensions.BabylonToolbar_i.hardId - 680c4aa0000000000000002511c403be
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15358
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-20  20:05:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-20 18:05
.
Vor Suchlauf: 6 Verzeichnis(se), 336.230.309.888 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 341.519.994.880 Bytes frei
.
- - End Of File - - 414D33FB09B98B6B9F6D1507CD337680
         
--- --- ---


21.04.2012, 12:14   #6
Larusso
/// Selecta Jahrusso

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; that can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, that is important)!

Press the Windows key + R --> Notepad (type it in) --> OK

Now copy the entire text from the following code box into the empty text document.

Code:
FireFox::
FF - ProfilePath - c:\users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hiergehtslos.de
FF - user.js: extensions.BabylonToolbar_i.id - 680c4aa0000000000000002511c403be
FF - user.js: extensions.BabylonToolbar_i.hardId - 680c4aa0000000000000002511c403be
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15358
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Reboot::
         
Save this as CFScript.txt on your desktop.
Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works. Do not forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.


  • With reference to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.



Please download Grinler's unhide.exe to your desktop
Start the tool with a double-click.

When it has done its work, a message saying Done will pop up.
It will also create a log file, Unhide.txt. Please post it here.



Report how the computer is running

21.04.2012, 13:15   #7
sebastian325

ComboFix log file:
Code:
ComboFix 12-04-20.03 - Henß 21.04.2012  13:26:43.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8191.6929 [GMT 2:00]
ausgeführt von:: c:\users\Hen¯\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Hen¯\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HEN~1\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
c:\users\Henß\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-21 bis 2012-04-21  ))))))))))))))))))))))))))))))
.
.
2012-04-21 11:33 . 2012-04-21 11:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-21 11:33 . 2012-04-21 11:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-20 12:02 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D387E50D-2F7F-416D-889A-B62072E8C9C0}\mpengine.dll
2012-04-19 21:00 . 2012-04-19 21:00	--------	d-----w-	c:\users\Hen?
2012-04-11 19:53 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 19:53 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 19:53 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-11 19:53 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 19:53 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 19:53 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-11 19:53 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-06 10:00 . 2012-04-06 10:00	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-06 10:00 . 2012-04-06 10:00	--------	d-----w-	c:\windows\system32\Macromed
2012-03-26 15:41 . 2012-03-26 15:41	103864	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 10:00 . 2011-07-16 15:26	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-24 13:12 . 2012-02-24 13:12	162664	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 08:18 . 2009-12-28 14:49	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 16:00	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 16:00	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 16:00	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 16:00	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:28 . 2012-01-04 15:55	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-10 06:36 . 2012-03-14 16:01	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 16:01	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 16:01	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-14 16:00	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 16:00	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-14 16:00	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-04-20_17.53.05   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-17 16:52 . 2012-04-20 18:09	48506              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-20 18:09	32152              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-16 17:58 . 2012-04-20 18:09	20458              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3936659925-1959903571-3492710908-1000_UserData.bin
- 2009-12-16 16:44 . 2012-04-20 12:06	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-16 16:44 . 2012-04-20 18:19	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-16 16:44 . 2012-04-20 18:19	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-16 16:44 . 2012-04-20 12:06	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-20 12:06	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-20 18:19	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-07 23:00 . 2012-04-20 18:06	3384              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-20 17:52 . 2012-04-20 17:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-21 11:34 . 2012-04-21 11:34	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-21 11:34 . 2012-04-21 11:34	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-20 17:52 . 2012-04-20 17:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-17 18:29 . 2012-04-21 11:18	316304              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 05:01 . 2012-04-20 17:51	266088              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-21 11:33	266088              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-29 19:34 . 2012-04-21 11:34	5027808              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3936659925-1959903571-3492710908-1000-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-08 935824]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-08 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-08 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"NeroCheck"="c:\windows\SysWOW64\\NeroCheck.exe" [2001-07-09 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 DIRECTIO;DIRECTIO;e:\tools\BurnInTest\DirectIo.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:00]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 14:13]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 14:13]
.
.
--------- x86-64 -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hiergehtslos.de
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.hiergehtslos.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: extensions.BabylonToolbar_i.id - 680c4aa0000000000000002511c403be
FF - user.js: extensions.BabylonToolbar_i.hardId - 680c4aa0000000000000002511c403be
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15358
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:27
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-21  13:47:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-21 11:47
ComboFix2.txt  2012-04-20 18:05
.
Vor Suchlauf: 16 Verzeichnis(se), 341.418.344.448 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 340.984.320.000 Bytes frei
.
- - End Of File - - 75195EF456D49E9759712D1F8B89988E
         
--- --- ---



Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/21/2012 01:57:06 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 275991 files processed.

The C:\Users\HEN~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/21/2012 02:08:21 PM
Execution time: 0 hours(s), 11 minute(s), and 14 seconds(s)



All my files are back and the computer is running smoothly so far!

If that was it, I thank you 1000, no, a MILLION times over for the help with my problem! It is nice that there are still people in the world who care about the well-being of others! That may sound a bit odd, but right now I do not know how I could better express my gratitude!

Now I have noticed a few small things after all!

Some installed programs are quite clearly missing (e.g. Paint or Nero), and SmartHDD can still be found under "Programs"!

22.04.2012, 17:09   #8
Larusso
/// Selecta Jahrusso

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • When the scan has finished, a text document will open.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


22.04.2012, 17:43   #9
sebastian325

OTL log file:
Code:
OTL logfile created on: 22.04.2012 18:29:28 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\Henß\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 84,48% Memory free
16,00 Gb Paging File | 14,39 Gb Available in Paging File | 89,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 316,48 Gb Free Space | 67,95% Space Free | Partition Type: NTFS
 
Computer Name: HENß-FAB | User Name: Henß | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.22 18:28:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Henß\Desktop\OTL.exe
PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.12.08 03:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 13:54:32 | 000,115,137 | ---- | M] () -- C:\Users\Henß\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll
MOD - [2012.04.11 21:59:36 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll
MOD - [2012.04.11 21:59:22 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll
MOD - [2012.04.11 21:59:18 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll
MOD - [2012.04.11 21:59:13 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll
MOD - [2012.04.11 21:59:10 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll
MOD - [2012.03.30 20:38:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll
MOD - [2012.03.30 20:36:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll
MOD - [2012.03.30 20:36:39 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll
MOD - [2012.03.29 22:57:42 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll
MOD - [2012.03.29 22:57:42 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll
MOD - [2012.03.29 22:57:36 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll
MOD - [2012.03.29 22:57:35 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll
MOD - [2012.03.29 22:57:30 | 014,414,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll
MOD - [2011.12.08 03:33:34 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.22 01:23:50 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.21 21:05:36 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.04.28 10:07:22 | 000,196,666 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AVM\de_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 19:28:20 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 15:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.11.24 23:23:32 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.11.24 23:23:28 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.10.31 23:23:42 | 000,015,680 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.04.28 09:58:44 | 000,027,648 | ---- | M] (AVM Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Aadev.sys -- (aadev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Henß\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Henß\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Henß\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.22 14:02:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.17 16:52:44 | 000,000,000 | ---D | M]
 
[2011.05.07 10:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henß\AppData\Roaming\mozilla\Extensions
[2010.07.11 21:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henß\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.04 20:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions
[2012.03.21 22:21:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.19 20:27:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com
[2011.05.07 10:00:22 | 000,002,342 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icq-search.xml
[2011.08.18 16:20:14 | 000,000,950 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin-1.xml
[2011.09.02 21:08:02 | 000,000,656 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin-2.xml
[2011.09.08 16:43:50 | 000,000,950 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin-3.xml
[2011.09.29 17:19:43 | 000,000,950 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin-4.xml
[2011.11.12 21:53:16 | 000,000,950 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin-5.xml
[2011.12.22 14:02:56 | 000,000,950 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin-6.xml
[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin.gif
[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin.src
[2011.06.26 10:26:20 | 000,000,950 | ---- | M] () -- C:\Users\Henß\AppData\Roaming\Mozilla\Firefox\Profiles\c896bocj.default\searchplugins\icqplugin.xml
[2011.11.03 18:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.30 19:34:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.18 17:55:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.10 16:13:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.18 16:06:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.12 17:04:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.17 13:46:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.11.03 18:11:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\HENß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C896BOCJ.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
File not found (No name found) -- C:\USERS\HENß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C896BOCJ.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.26 10:26:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.26 10:26:11 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.26 10:26:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.26 10:26:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.26 10:26:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hen\u00DF\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hen\u00DF\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hen\u00DF\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Hen\u00DF\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
 
O1 HOSTS File: ([2012.04.21 13:33:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\SysWOW64\\NeroCheck.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4288E81E-5B0E-44CE-AA55-5840F5D86A4F}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.22 18:28:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Henß\Desktop\OTL.exe
[2012.04.22 17:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.04.21 13:47:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.21 13:35:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.04.20 19:37:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.20 19:37:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.20 19:37:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.20 19:37:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.20 19:37:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.19 21:28:32 | 000,000,000 | ---D | C] -- C:\Users\Henß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.18 20:30:29 | 000,000,000 | ---D | C] -- C:\Users\Henß\AppData\Local\{AA819096-6CD2-461A-B8DF-87FF3B366F35}
[2012.04.06 12:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.04.04 17:51:01 | 000,000,000 | ---D | C] -- C:\Users\Henß\AppData\Local\{B9E1AEDF-2E97-4A8D-912A-255DD1D1D72D}
[2012.04.03 17:43:50 | 000,000,000 | ---D | C] -- C:\Users\Henß\AppData\Local\{B33C1DA6-E13D-49A2-B6C5-0CB8274B300D}
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.22 18:28:17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Henß\Desktop\OTL.exe
[2012.04.22 18:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.22 17:52:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.22 17:05:11 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.22 13:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.22 11:08:18 | 000,014,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.22 11:08:18 | 000,014,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.22 11:01:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.22 11:00:47 | 2146,885,631 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.21 17:52:15 | 000,000,355 | ---- | M] () -- C:\Users\Henß\Desktop\Computer - Verknüpfung.lnk
[2012.04.21 13:33:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.04.19 22:56:05 | 000,000,000 | ---- | M] () -- C:\Users\Henß\defogger_reenable
[2012.04.19 22:52:41 | 000,000,176 | ---- | M] () -- C:\ProgramData\-6rNZ2OVk4uso6Dr
[2012.04.19 22:52:41 | 000,000,000 | ---- | M] () -- C:\ProgramData\-6rNZ2OVk4uso6D
[2012.04.16 22:07:25 | 001,064,291 | ---- | M] () -- C:\Users\Henß\Desktop\Unbenannt.png
[2012.04.15 21:49:03 | 001,527,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.15 21:49:03 | 000,664,618 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.15 21:49:03 | 000,624,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.15 21:49:03 | 000,134,786 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.15 21:49:03 | 000,110,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.14 15:58:17 | 000,002,364 | ---- | M] () -- C:\Users\Henß\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012.04.22 17:05:11 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.04.21 17:52:15 | 000,000,355 | ---- | C] () -- C:\Users\Henß\Desktop\Computer - Verknüpfung.lnk
[2012.04.20 19:37:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.20 19:37:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.20 19:37:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.20 19:37:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.20 19:37:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.19 22:56:05 | 000,000,000 | ---- | C] () -- C:\Users\Henß\defogger_reenable
[2012.04.19 22:52:41 | 000,000,176 | ---- | C] () -- C:\ProgramData\-6rNZ2OVk4uso6Dr
[2012.04.19 22:52:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\-6rNZ2OVk4uso6D
[2012.04.16 22:07:25 | 001,064,291 | ---- | C] () -- C:\Users\Henß\Desktop\Unbenannt.png
[2012.04.06 12:00:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.19 20:28:40 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.12.26 15:36:53 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.03.11 19:16:37 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.30 18:45:05 | 000,057,856 | ---- | C] () -- C:\Windows\Fce32.dll
[2010.12.30 18:45:03 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2010.12.30 18:44:52 | 000,092,672 | ---- | C] () -- C:\Windows\SysWow64\See32.dll
[2010.11.01 19:17:04 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.01 20:55:14 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
 
========== LOP Check ==========
 
[2011.07.11 18:51:23 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Amazon
[2011.06.04 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Auslogics
[2012.01.19 20:27:27 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Babylon
[2011.09.06 18:14:51 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\BeSpotted
[2012.03.21 22:21:57 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\DVDVideoSoft
[2012.03.21 22:21:48 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.05 22:19:28 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\FRITZ!
[2012.03.04 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\ICQ
[2010.03.06 16:03:24 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\J River
[2012.04.02 21:31:08 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\ObviousIdea
[2009.12.24 15:32:00 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\OpenOffice.org
[2011.03.05 17:51:34 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Opera
[2011.02.11 01:22:21 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\PC Suite
[2011.08.23 19:55:05 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Samsung
[2011.11.10 00:15:09 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Temp
[2010.07.11 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\Henß\AppData\Roaming\Thunderbird
[2010.03.26 16:57:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(41).TXT
[2012.01.15 20:19:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.04.21 13:35:18 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2010.06.25 18:35:09 | 000,000,000 | ---D | M] -- C:\0499752f7623d105ecddfb7cc1
[2011.05.22 11:28:41 | 000,000,000 | ---D | M] -- C:\Boot
[2012.04.22 17:05:14 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.16 19:56:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.03.10 14:01:16 | 000,000,000 | ---D | M] -- C:\found.000
[2010.09.26 00:57:58 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.12.30 00:23:58 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.29 19:47:14 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.20 19:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.12.16 19:56:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.21 13:47:25 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.12.16 19:56:46 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.04.22 18:31:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.06 23:43:10 | 000,000,000 | ---D | M] -- C:\Temp
[2012.04.19 23:00:46 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.26 15:41:03 | 000,000,000 | ---D | M] -- C:\UT2004
[2012.04.21 13:47:22 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 22.04.2012 18:29:28 - Run 1
OTL by OldTimer - Version 3.2.40.0     Folder = C:\Users\Henß\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,76 Gb Available Physical Memory | 84,48% Memory free
16,00 Gb Paging File | 14,39 Gb Available in Paging File | 89,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 316,48 Gb Free Space | 67,95% Space Free | Partition Type: NTFS
 
Computer Name: HENß-FAB | User Name: Henß | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.8.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"FRITZ!DSL" = AVM FRITZ!DSL
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Steam App 550" = Left 4 Dead 2
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.12.2011 11:49:05 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.12.2011 12:25:02 | Computer Name = Henß-FAB | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.12.2011 11:44:07 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.12.2011 11:44:07 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 08.12.2011 12:32:40 | Computer Name = Henß-FAB | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.12.2011 08:43:33 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.12.2011 08:43:33 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 09.12.2011 09:33:22 | Computer Name = Henß-FAB | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.12.2011 06:48:11 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.12.2011 06:48:11 | Computer Name = Henß-FAB | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 21.04.2012 07:34:49 | Computer Name = Henß-FAB | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\aadev.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.04.2012 07:34:49 | Computer Name = Henß-FAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVM ADSL Adapter Device" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1275
 
Error - 21.04.2012 07:34:49 | Computer Name = Henß-FAB | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 21.04.2012 07:54:12 | Computer Name = Henß-FAB | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\aadev.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.04.2012 07:54:12 | Computer Name = Henß-FAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVM ADSL Adapter Device" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1275
 
Error - 21.04.2012 08:16:56 | Computer Name = Henß-FAB | Source = DCOM | ID = 10010
Description = 
 
Error - 21.04.2012 19:21:01 | Computer Name = Henß-FAB | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\aadev.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 21.04.2012 19:21:01 | Computer Name = Henß-FAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVM ADSL Adapter Device" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1275
 
Error - 22.04.2012 05:00:56 | Computer Name = Henß-FAB | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\aadev.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.04.2012 05:00:56 | Computer Name = Henß-FAB | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVM ADSL Adapter Device" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1275
 
 
< End of report >
         
--- --- ---

23.04.2012, 12:53   #10
Larusso
/// Selecta Jahrusso

Sorry, I was a bit dead yesterday
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:otl
[2012.01.19 20:27:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com
File not found (No name found) -- C:\USERS\HENß\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C896BOCJ.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2012.04.19 21:28:32 | 000,000,000 | ---D | C] -- C:\Users\Henß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.19 22:52:41 | 000,000,176 | ---- | C] () -- C:\ProgramData\-6rNZ2OVk4uso6Dr
[2012.04.19 22:52:41 | 000,000,000 | ---- | C] () -- C:\ProgramData\-6rNZ2OVk4uso6D
:commands
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a reboot. Please allow it.
  • After the reboot you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread.


Please also post the following file for me.
C:\Qoobox\ComboFix-quarantined-files.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

23.04.2012, 16:13   #11
sebastian325

No problem

========== OTL ==========
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Henß\AppData\Roaming\mozilla\Firefox\Profiles\c896bocj.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Henß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD folder moved successfully.
C:\ProgramData\-6rNZ2OVk4uso6Dr moved successfully.
C:\ProgramData\-6rNZ2OVk4uso6D moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.40.0 log created on 04232012_170949

23.04.2012, 20:08   #12
Larusso
/// Selecta Jahrusso

I still need this one as well
C:\Qoobox\ComboFix-quarantined-files.txt

23.04.2012, 20:09   #13
sebastian325

2012-04-21 11:26:41 . 2012-04-21 11:26:41 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2012-04-20 18:07:54 . 2012-04-20 18:07:54 115,137 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\35a21c59-6cef-4901-a8d6-b682815a126d\CliSecureRT.dll.vir
2012-04-20 18:02:24 . 2012-04-20 18:02:24 768 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-FRITZ!DSL.reg.dat
2012-04-20 18:02:24 . 2012-04-20 18:02:24 1,824 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Photoshop 7.0.reg.dat
2012-04-20 18:02:13 . 2012-04-21 11:46:02 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D}.reg.dat
2012-04-20 18:02:12 . 2012-04-20 18:02:12 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}.reg.dat
2012-04-20 18:01:22 . 2012-04-20 18:01:22 197 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-DivX Download Manager.reg.dat
2012-04-20 18:01:12 . 2012-04-20 18:01:12 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}.reg.dat
2012-04-20 17:44:52 . 2012-04-21 11:29:43 3,924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-20 17:44:10 . 2012-04-17 14:52:45 2,020 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\4\Adobe Reader 9.lnk
2012-04-20 17:44:10 . 2012-01-19 18:16:46 174 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\4\desktop.ini
2012-04-20 17:44:10 . 2009-12-23 00:31:37 1,037 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Hilfe zu WinRAR.lnk
2012-04-20 17:44:10 . 2009-12-23 00:31:37 1,037 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\WinRAR.lnk
2012-04-20 17:44:10 . 2012-01-19 18:51:10 1,094 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VLC media player.lnk
2012-04-20 17:44:10 . 2009-12-23 00:31:37 1,018 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk
2012-04-20 17:44:10 . 2012-01-19 18:51:10 1,101 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Release Notes.lnk
2012-04-20 17:44:10 . 2012-01-19 18:51:10 1,190 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk
2012-04-20 17:44:10 . 2012-01-19 18:51:10 1,165 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VideoLAN Website.lnk
2012-04-20 17:44:10 . 2012-01-19 18:51:10 1,110 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\VLC media player skinned.lnk
2012-04-20 17:44:10 . 2012-01-19 18:51:10 1,150 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\VideoLAN\Documentation.lnk
2012-04-20 17:44:10 . 2009-07-14 04:54:24 174 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
2012-04-20 17:44:10 . 2010-09-26 08:50:16 2,573 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam Support Center.lnk
2012-04-20 17:44:10 . 2010-09-26 14:41:26 941 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Steam\Steam.lnk
2012-04-20 17:44:10 . 2011-08-23 17:55:37 2,325 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Samsung\Kies\Uninstall Kies.lnk
2012-04-20 17:44:10 . 2011-08-23 17:55:37 1,987 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Samsung\Kies\Samsung Kies.lnk
2012-04-20 17:44:10 . 2011-09-06 16:14:43 112 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ObviousIdea\Light Image Resizer 4\Kurzanleitung für Light Image Resizer 4.url
2012-04-20 17:44:10 . 2011-09-06 16:14:43 1,242 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ObviousIdea\Light Image Resizer 4\Light Image Resizer 4 entfernen.lnk
2012-04-20 17:44:10 . 2011-09-06 16:14:43 998 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ObviousIdea\Light Image Resizer 4\Light Image Resizer 4 im Internet.lnk
2012-04-20 17:44:10 . 2011-09-06 16:14:43 1,230 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ObviousIdea\Light Image Resizer 4\Image Resizer 4.lnk
2012-04-20 17:44:10 . 2011-09-06 16:14:43 1,292 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ObviousIdea\Light Image Resizer 4\Assistent für digitale Bilderrahmen.lnk
2012-04-20 17:44:10 . 2012-01-03 16:16:47 2,167 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\NVIDIA Corporation\3D Vision\3D Vision-Fotoanzeige.lnk
2012-04-20 17:44:10 . 2012-01-03 16:16:47 2,179 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\NVIDIA Corporation\3D Vision\3D Vision-Vorschaukit 1.lnk
2012-04-20 17:44:10 . 2012-01-03 16:16:47 2,185 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\NVIDIA Corporation\3D Vision\3D Vision deaktivieren.lnk
2012-04-20 17:44:10 . 2011-08-31 17:50:04 1,269 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\NAVIGON\NAVIGON Fresh\NAVIGON Fresh.lnk
2012-04-20 17:44:10 . 2012-01-03 16:16:46 2,183 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\NVIDIA Corporation\3D Vision\3D Vision aktivieren.lnk
2012-04-20 17:44:10 . 2011-08-31 17:50:04 956 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\NAVIGON\NAVIGON Fresh\Deinstallieren.lnk
2012-04-20 17:44:10 . 2011-05-07 08:00:05 1,989 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Abgesicherter Modus).lnk
2012-04-20 17:44:10 . 2011-05-07 08:00:05 1,967 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:09 1,212 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
2012-04-20 17:44:10 . 2012-02-16 21:41:35 2,273 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:07 1,248 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:09 606 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
2012-04-20 17:44:10 . 2009-07-14 04:57:07 1,304 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
2012-04-20 17:44:10 . 2011-02-02 20:53:41 1,852 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ICQ7.4\ICQ7.4.lnk
2012-04-20 17:44:10 . 2011-02-02 20:53:41 2,292 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ICQ7.4\Uninstall.lnk
2012-04-20 17:44:10 . 2012-02-09 18:00:34 2,154 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Google Earth im OpenGL-Modus starten.lnk
2012-04-20 17:44:10 . 2012-02-09 18:00:34 2,234 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Google Earth.lnk
2012-04-20 17:44:10 . 2012-02-09 18:00:34 2,150 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Google Earth im DirectX-Modus starten.lnk
2012-04-20 17:44:10 . 2009-12-15 10:58:12 360 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:12 376 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:12 370 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Microsoft.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:12 378 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
2012-04-20 17:44:10 . 2009-07-14 04:55:01 368 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:12 392 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
2012-04-20 17:44:10 . 2012-02-09 18:00:34 1,890 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Google Earth\Google Earth deinstallieren.lnk
2012-04-20 17:44:10 . 2009-12-15 10:58:12 474 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
2012-04-20 17:44:10 . 2009-12-15 10:58:11 470 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
2012-04-20 17:44:10 . 2009-12-15 10:58:12 466 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
2012-04-20 17:44:10 . 2009-12-15 10:58:12 352 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
2012-04-20 17:44:10 . 2009-12-15 10:58:12 1,128 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Desktop.ini
2012-04-20 17:44:10 . 2009-07-14 04:55:00 364 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
2012-04-20 17:44:10 . 2009-07-14 04:54:59 258 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
2012-04-20 17:44:10 . 2009-07-14 04:57:12 356 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
2012-04-20 17:44:10 . 2010-01-05 20:16:19 1,042 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\FRITZ!DSL\FRITZ!webProtect.lnk
2012-04-20 17:44:10 . 2010-01-05 20:16:19 1,042 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\FRITZ!DSL\WebWatch.lnk
2012-04-20 17:44:10 . 2010-01-05 20:16:19 1,042 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\FRITZ!DSL\FRITZ!web DSL.lnk
2012-04-20 17:44:10 . 2010-01-05 20:16:19 1,042 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\FRITZ!DSL\FRITZ!DSL Hilfe.lnk
2012-04-20 17:44:10 . 2010-01-05 20:16:19 1,030 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\FRITZ!DSL\FRITZ!DSL Readme.lnk
2012-04-20 17:44:10 . 2010-01-05 20:16:19 1,047 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\FRITZ!DSL\FRITZ!Box.lnk
2012-04-20 17:44:09 . 2012-03-21 20:21:44 1,227 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Uninstall.lnk
2012-04-20 17:44:09 . 2012-03-21 20:21:44 1,432 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk
2012-04-20 17:44:09 . 2012-01-04 15:56:17 1,134 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Readme anzeigen.lnk
2012-04-20 17:44:09 . 2012-03-21 20:21:44 1,267 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Free Studio Manager.lnk
2012-04-20 17:44:09 . 2012-01-04 15:56:17 2,024 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira Free Antivirus starten.lnk
2012-04-20 17:44:09 . 2012-01-04 15:56:17 2,017 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira im Internet.lnk
2012-04-20 17:44:09 . 2010-12-30 19:14:37 2,032 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ArcSoft WebCam Companion 3\WebCam Companion 3.lnk
2012-04-20 17:44:09 . 2012-01-04 15:56:17 2,001 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira Free Antivirus Hilfe.lnk
2012-04-20 17:44:09 . 2010-12-30 19:39:40 218 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ArcSoft WebCam Companion 3\ArcSoft Products and Bonus Offers.url
2012-04-20 17:44:09 . 2010-12-30 19:14:37 2,032 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ArcSoft WebCam Companion 3\Dienstprogramm starten.lnk
2012-04-20 17:44:09 . 2010-12-30 19:14:45 2,415 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ArcSoft Connect\ArcSoft Connect starten.lnk
2012-04-20 17:44:09 . 2010-12-30 19:14:45 2,439 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\ArcSoft Connect\Meine ArcSoft-Infos ansehen.lnk
2012-04-20 17:44:09 . 2011-07-11 16:50:04 1,253 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3-Downloader\Amazon MP3-Downloader.lnk
2012-04-20 17:44:09 . 2011-07-11 16:50:04 1,203 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Amazon\Amazon MP3-Downloader\Uninstall Amazon MP3-Downloader.lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,219 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Nero Toolkit\Nero DriveSpeed (32-bit).lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,255 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Nero Toolkit\Nero InfoTool (32-bit).lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,220 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Handbücher\Nero Express [Deutsches Handbuch].lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,222 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Handbücher\Nero Express [Englisches Handbuch].lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,198 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Nero Toolkit\Nero CD Speed (32-bit).lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,331 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Handbücher\Nero Cover Designer [Deutsches Handbuch].lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,333 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Handbücher\Nero Cover Designer [Englisches Handbuch].lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,119 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Nero Express (32-bit).lnk
2012-04-20 17:44:09 . 2012-04-14 10:34:26 1,218 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Ahead Nero (32-bit)\Nero Cover Designer (32-bit).lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:05 1,288 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:33 1,246 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:29 1,262 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:58 1,274 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
2012-04-20 17:44:09 . 2009-07-14 05:32:31 2,741 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
2012-04-20 17:44:09 . 2011-03-11 17:16:43 1,385 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:50 1,232 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:33 1,268 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
2012-04-20 17:44:09 . 2011-03-11 17:16:43 1,334 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:29 1,298 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:22 1,274 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:13 1,674 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
2012-04-20 17:44:09 . 2009-07-14 04:53:52 1,270 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:21 1,294 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:13 1,468 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
2012-04-20 17:44:09 . 2009-07-14 05:32:31 1,899 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:13 1,242 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:13 1,468 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:13 216 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
2012-04-20 17:44:09 . 2009-07-14 05:32:31 1,989 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:12 1,316 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:18 1,386 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:09 1,316 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:18 343 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
2012-04-20 17:44:09 . 2009-12-15 10:58:18 1,436 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:57 1,246 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:29 1,268 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:09 1,320 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:50 1,242 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:33 1,250 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:58 1,252 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:25 1,290 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
2012-04-20 17:44:09 . 2009-07-14 04:55:00 1,248 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:09 1,338 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
2012-04-20 17:44:09 . 2009-07-14 04:57:07 370 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
2012-04-20 17:44:09 . 2009-07-14 04:57:07 1,388 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:58 1,254 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:09 1,579 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:58 1,322 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:08 1,330 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:16 1,351 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:32 1,242 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
2012-04-20 17:44:09 . 2009-07-14 04:53:55 1,367 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:13 1,272 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:12 1,238 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:16 1,726 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
2012-04-20 17:44:09 . 2009-07-14 04:54:23 1,266 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:13 1,364 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
2012-04-20 17:44:09 . 2009-07-14 04:55:00 1,230 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
2012-04-20 17:44:09 . 2009-07-14 05:09:29 1,547 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:08 1,246 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
2012-04-20 17:44:09 . 2009-12-15 10:58:18 1,326 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
2012-04-20 17:44:09 . 2009-07-14 04:54:59 1,210 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
2012-04-20 17:44:09 . 2011-10-23 16:06:23 2,540 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:08 1,330 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
2012-04-20 17:44:09 . 2009-07-14 04:57:09 1,352 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
2012-04-20 17:44:09 . 2011-10-23 16:06:23 1,284 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
2012-04-20 17:44:09 . 2009-12-15 10:58:16 1,345 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
2012-04-20 17:44:09 . 2009-12-17 18:35:46 1,177 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Adobe Photoshop 7.0.lnk
2012-04-20 17:44:09 . 2012-04-17 14:52:44 2,441 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
2012-04-20 17:44:09 . 2009-07-14 05:01:14 1,282 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Default Programs.lnk
2012-04-20 17:44:09 . 2009-07-14 05:01:14 442 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\desktop.ini
2012-04-20 17:44:09 . 2009-07-14 04:49:40 1,266 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Windows Update.lnk
2012-04-20 17:44:09 . 2009-12-17 18:35:46 1,182 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Adobe ImageReady 7.0.lnk
2012-04-20 17:37:43 . 2012-04-21 11:25:14 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-04-19 19:28:24 . 2012-04-19 19:34:31 256 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\6rNZ2OVk4uso6D.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 81,920 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\issacapi_bs-2.3.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 24,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MASetupCleaner.exe.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 57,344 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MK_Lyric.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 40,960 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MTTELECHIP.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 200,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzwmts.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 65,536 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\issacapi_pe-2.3.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 413,696 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\msvcp60.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 57,344 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\issacapi_se-2.3.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 40,960 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MAMACExtract.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 258,048 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzoggsp.ax.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 143,360 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\3DAudio.ax.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 49,152 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MaJGUILib.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 57,344 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MTXSYNCICON.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 382,976 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\mfplat.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 974,848 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\cis-2.4.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 491,520 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzapp.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 14,336 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\avrt.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 135,168 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzaf1.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 172,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzapp.exe.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 110,592 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzmp4sp.ax.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 131,072 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzmpgsp.ax.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 155,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MSFLib.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 23,040 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\psapi.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 45,056 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MaXMLProto.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 245,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MSCLib.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 45,056 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MACXMLProto.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 569,344 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzdecode.ax.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 352,256 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MSLUR71.dll.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 122,880 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\muzeffect.ax.vir
2011-10-06 19:26:16 . 2011-09-16 02:54:44 118,784 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\System32\MaDRM.dll.vir
2011-07-26 15:26:46 . 2011-07-26 15:26:46 172,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\muzapp.exe.vir
2010-08-31 17:30:17 . 2010-01-15 00:20:11 809,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmpA8ED.tmp.vir
2010-08-31 16:20:47 . 2010-01-15 00:20:11 809,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp8A1C.tmp.vir
2010-08-31 16:20:47 . 2010-01-15 00:20:11 809,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmpD1B8.tmp.vir
2010-08-31 16:20:47 . 2010-01-15 00:20:11 809,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp80C.tmp.vir
2010-01-15 00:20:11 . 2010-01-15 00:20:11 809,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmp7DC.tmp.vir
2010-01-15 00:20:11 . 2010-01-15 00:20:11 809,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\tmpA8BE.tmp.vir
2009-12-17 18:33:48 . 1998-11-17 13:44:44 328,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0407.exe.vir
2007-11-07 06:03:18 . 2007-11-07 06:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir
2000-08-08 11:31:26 . 2000-08-08 11:31:26 258,320 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETE1BE.tmp.vir
2000-08-08 11:31:26 . 2000-08-08 11:31:26 180,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETFC04.tmp.vir
2000-08-08 10:31:26 . 2000-08-08 10:31:26 180,496 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SET408.tmp.vir
2000-08-08 10:31:26 . 2000-08-08 10:31:26 258,320 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\SETFE2B.tmp.vir

24.04.2012, 15:42   #14
Larusso
/// Selecta Jahrusso

Please press the Windows key + R and type notepad into the Run window.

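Now copy the following text from the code box into the empty text document
Code:
REM Use the Windows-1252 code page so paths with umlauts are read correctly
chcp 1252
REM Copy the shortcuts ComboFix quarantined from smtmp\1 back to the all-users Start Menu
xcopy /s /e "C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu"
REM Copy the shortcuts from smtmp\4 back to the public desktop
xcopy /s /e "C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\4" "C:\Users\Public\Desktop"
REM Delete this batch file once it has run
del %0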
  • Choose File --> Save As
  • File name: file.bat
  • File type: choose All Files (*.*)
  • Save the file to your desktop.

    It should now look roughly like this
  • Run file.bat.
Vista and Win7 users: right-click and choose "Run as administrator"


Report whether the Start menu is still empty
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
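
Added example, not part of the original post: a dry run that reads ComboFix-style quarantine listing lines and reports which entries the two xcopy commands above would put back, and which entries deserve a look before anything is copied out of quarantine. The function names, the two sample lines marked as invented, and the rule that only .lnk files and desktop.ini are expected in the smtmp folders are assumptions of this example.

```python
import ntpath
import re

# Destinations copied from the xcopy lines in the post above.
RESTORE_MAP = {
    "1": r"C:\ProgramData\Microsoft\Windows\Start Menu",
    "4": r"C:\Users\Public\Desktop",
}
# One listing line: created . modified size attributes path
LINE_RE = re.compile(r"^[\d-]+ [\d:]+ \. [\d-]+ [\d:]+ [\d,]+ \S+ (?P<path>.+)$")
SMTMP_RE = re.compile(r"\\smtmp\\(?P<slot>\d+)\\(?P<rel>.+)$", re.IGNORECASE)

# Constructed sample: lines 1-3 and 6 follow the listing above, lines 4-5 are invented.
SAMPLE_LOG = r"""
2012-04-20 17:44:09 . 2012-04-17 14:52:44 2,441 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
2012-04-20 17:44:09 . 2009-07-14 05:01:14 442 --sha-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\desktop.ini
2012-04-20 17:44:09 . 2009-07-14 04:49:40 1,266 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Windows Update.lnk
2012-04-20 17:44:09 . 2012-04-19 19:30:00 1,024 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\4\Example App.lnk
2012-04-20 17:44:09 . 2012-04-19 19:30:00 9,216 ----a-w- C:\Qoobox\Quarantine\C\Users\HEN~1\AppData\Local\Temp\smtmp\1\Programs\example-tool.exe
2012-04-19 19:28:24 . 2012-04-19 19:34:31 256 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\6rNZ2OVk4uso6D.vir
"""


def is_shortcut(path):
    """True for the file kinds this example expects in a Start Menu or desktop tree."""
    name = ntpath.basename(path).lower()
    return name == "desktop.ini" or ntpath.splitext(name)[1] == ".lnk"


def plan_restore(log_text):
    """Split listing entries into (copies, review) without touching the disk."""
    copies, review = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a listing entry
        path = m.group("path")
        hit = SMTMP_RE.search(path)
        if not hit:
            review.append((path, "not an smtmp item, stays in quarantine"))
        elif hit.group("slot") not in RESTORE_MAP:
            review.append((path, "smtmp folder not covered by the batch file"))
        elif not is_shortcut(path):
            review.append((path, "unexpected file type, inspect before copying"))
        else:
            dest = ntpath.join(RESTORE_MAP[hit.group("slot")], hit.group("rel"))
            copies.append((path, dest))
    return copies, review
```

xcopy itself copies everything below the source folder, so any smtmp entry that lands in the review list would still be restored by the batch file unless it is dealt with first.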

25.04.2012, 18:28   #15
sebastian325

So my Start menu is complete again,

except that after all my files only their file type is shown: txt; exe, pgn etc.

Programs such as Paint, Nero, Live Messenger etc. are still missing.
