Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.10.2012, 21:11   #16
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



unter Probramme ist alles in Ordnung.
Nur kann ich im Laufwerk F. meine Bilder nicht mehr öffnen

Alt 07.10.2012, 21:14   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 08.10.2012, 08:30   #18
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Habe den OTL nach Anweisung ausgeführt.
Er hat normal angefangen zu arbeiten.

Es erschien dann ein Hinweisfenster mit "Out of Memory"
Habe den Button "OK" gedrückt.

Nun macht seit ner Stunde der OTL keine Fortschritte oder Hinweis darauf ob er noch arbeitet.????
__________________

Alt 08.10.2012, 12:35   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Hast du OTL von meinem angegebenen Link auch neu runtergeladen?
Wenn ja funktioniert es im abgesicherten Modus mit Netzwerktreibern?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.10.2012, 20:33   #20
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Hallo
ich habe den OTL neu runtergeladen und auch jetzt im abgesicherten Modus mit Netwerktreibern arbeiten lassen.
Es tritt der gleiche Hinweis auf "Out of Memory" danach hört er auf zu arbeiten.

Zusatz: Ich habe hierzu die Internetverbindung getrennt gehabt. War das richtig?


Alt 09.10.2012, 11:06   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Welche OTL-Version wird die oben im OTL-Fenster denn angezeigt?
__________________
--> Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne

Alt 10.10.2012, 08:37   #22
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Sorry hatte gestern keine Zeit.
Als OTL-Version wird mir 3.2.69.0 angezeigt

Alt 10.10.2012, 12:47   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Ok die Version ist richtig, machen wir ohne CustomScan weiter

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 14:43   #24
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Hier die Scans

Extra.Txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.10.2012 15:28:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Guenter\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,40 Gb Available Physical Memory | 73,44% Memory free
11,98 Gb Paging File | 9,49 Gb Available in Paging File | 79,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 821,16 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 930,19 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 460,12 Gb Free Space | 49,39% Space Free | Partition Type: NTFS
 
Computer Name: GUENTER-PC | User Name: Guenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6245BC35-F4BE-1995-BB2E-7847D758504E}" = ATI Problem Report Wizard
"{70DFF8B2-44A3-2C2C-FB21-783E8291265F}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D9B52C63-4209-7129-BF10-FA5DCD38579E}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"40FDF49A126BA2F6545D5FB7793D913E7262022F" = Windows-Treiberpaket - FTDI CDM Driver Package (03/30/2010 2.06.02)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"A1621EEC54C7A6698F35386FBF38092B429F59AA" = Windows-Treiberpaket - FTDI CDM Driver Package (03/30/2010 2.06.02)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}" = Garmin Lifetime Updater
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0DC7F1CB-B3EB-48CF-8136-3BF8635F8566}" = Internet Explorer 8 WEB.DE Edition
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1B3B5C60-70B8-F022-5497-03FD2772586C}" = CCC Help Greek
"{1E105942-593C-4C48-AB3D-BEC2124F5FCE}" = Garmin City Navigator Europe NT 2008
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24A80D33-B804-4982-8756-7313492A9D58}" = Oceanlog 2.x
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{278AD90C-D27D-AA89-58DF-AD13852D51CA}" = CCC Help Spanish
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CDBFF1A-6433-E94D-CA25-831FDB9775E9}" = CCC Help Italian
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31DED885-1124-0E58-97FB-73E4EF692E8D}" = CCC Help Hungarian
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{33B670D7-8A06-DA5B-0341-5630D1E12007}" = ccc-core-static
"{3717C4F2-7412-4793-9BB8-D73D2817B3D6}" = USB Video/Audio Device Driver
"{38D65ABC-A00B-6E13-2EF3-826CFC8CFC14}" = CCC Help French
"{39B072B0-6003-4506-8A6A-28EFB3169D0F}" = Garmin City Navigator Europe NT 2013.20 Update
"{3B4325A0-43CD-10D1-64F6-BD2F90DCB756}" = Catalyst Control Center Graphics Previews Vista
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41A00174-B4EA-4E79-9CAF-DC118A878B92}" = Garmin City Navigator Europe NT 2012.10 Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{55043DDE-D718-C7F7-9B4C-2B3D818D8A1F}" = Catalyst Control Center InstallProxy
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5774B4C1-8579-D5D9-8D38-A0CE32B6736C}" = CCC Help German
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D19BB0D-9B04-5B85-9295-4E11BCB1C2C3}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{75794DD1-5D69-4E33-A141-C3D4B0724C71}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E95A343-25B1-4FE1-8BAA-9745F390C294}" = Brother HL-2170W
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8454B5F-4122-864C-002D-31F878D2CBF4}" = CCC Help English
"{EB38E598-181D-4CD7-800F-A4F525ECEC56}" = SRC System™ Upgrades
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E6252F-8DC2-B508-D412-1C427CDB3448}" = CCC Help Portuguese
"{FE4466A3-76B3-A9F4-9B22-150D6F8B4647}" = Catalyst Control Center Localization All
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Antivirus Premium
"EADM" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Internet Explorer 8 WEB.DE Edition" = Internet Explorer 8 WEB.DE Edition
"king.com" = king.com (remove only)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"Tales of Monkey Island" = Tales of Monkey Island
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"Venetica_is1" = Venetica
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = GameXN GO
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2011 08:25:21 | Computer Name = Guenter-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 14.12.2011 08:30:37 | Computer Name = Guenter-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.12.2011 00:43:52 | Computer Name = Guenter-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 15.12.2011 00:44:56 | Computer Name = Guenter-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 15.12.2011 00:45:25 | Computer Name = Guenter-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\searchhelper.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 15.12.2011 00:50:43 | Computer Name = Guenter-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.12.2011 13:29:50 | Computer Name = Guenter-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.12.2011 13:29:50 | Computer Name = Guenter-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.12.2011 13:30:00 | Computer Name = Guenter-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 15.12.2011 13:30:02 | Computer Name = Guenter-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 10.10.2012 09:25:46 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 10.10.2012 09:25:46 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 10.10.2012 09:27:12 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 10.10.2012 09:27:12 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 10.10.2012 09:28:02 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 10.10.2012 09:28:02 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 10.10.2012 09:28:23 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 10.10.2012 09:28:23 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 10.10.2012 09:29:21 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 10.10.2012 09:29:21 | Computer Name = Guenter-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
 
< End of report >
         
--- --- ---


und der OTLTxt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.10.2012 15:28:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Guenter\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,40 Gb Available Physical Memory | 73,44% Memory free
11,98 Gb Paging File | 9,49 Gb Available in Paging File | 79,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,51 Gb Total Space | 821,16 Gb Free Space | 88,15% Space Free | Partition Type: NTFS
Drive D: | 931,41 Gb Total Space | 930,19 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 460,12 Gb Free Space | 49,39% Space Free | Partition Type: NTFS
 
Computer Name: GUENTER-PC | User Name: Guenter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Users\Guenter\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Programme\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
PRC - C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\ASUS\Six Engine\SixEngine.exe ()
MOD - C:\Programme\ASUS\TurboV\TurboV.exe ()
MOD - C:\Programme\ASUS\TurboV\OcProfile.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsusService.dll ()
MOD - C:\Programme\ASUS\Six Engine\pngio.dll ()
MOD - C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll ()
MOD - C:\Programme\ASUS\TurboV\TvOcLib.dll ()
MOD - C:\Programme\ASUS\TurboV\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AllShare) -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe ()
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe ()
SRV - (MDES) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe (DeviceVM)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (CSRBC) -- C:\Windows\SysNative\drivers\csrbcx64.sys (CSR)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 38 C0 DB EB 3A CB 01  [binary data]
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{3714F2E8-2056-4E8A-A29D-073C74A47CF4}: "URL" = hxxp://go.web.de/suchbox/ie_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{67A27FD6-9444-4FFD-8DA1-0C752EDE5A58}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_de
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{8BC9BA72-F5CE-4635-85FF-60029065DB72}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{9FB165C5-6812-4EE2-9E8C-A7DA28B80706}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_homepage"
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb2/mff_keyurl_search/?su="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Guenter\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 19:54:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 19:54:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 19:54:45 | 000,000,000 | ---D | M]
 
[2011.02.07 09:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guenter\AppData\Roaming\mozilla\Extensions
[2012.10.10 09:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Guenter\AppData\Roaming\mozilla\Firefox\Profiles\1p2bzv6p.default\extensions
[2012.08.18 14:32:09 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Guenter\AppData\Roaming\mozilla\Firefox\Profiles\1p2bzv6p.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.10.04 19:00:40 | 000,565,448 | ---- | M] () (No name found) -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\extensions\toolbar@web.de.xpi
[2012.10.10 09:13:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.04 19:00:46 | 000,000,911 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\searchplugins\11-suche.xml
[2012.10.04 19:00:46 | 000,002,273 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\searchplugins\englische-ergebnisse.xml
[2012.10.04 19:00:46 | 000,010,563 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\searchplugins\gmx-suche.xml
[2012.10.04 19:00:46 | 000,002,432 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\searchplugins\lastminute.xml
[2012.10.04 19:00:46 | 000,005,545 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\mozilla\firefox\profiles\1p2bzv6p.default\searchplugins\webde-suche.xml
[2012.09.30 17:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 19:54:46 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npmidas.dll
[2012.06.08 07:09:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 07:58:05 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.08 07:09:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.08 07:09:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.08 07:09:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.08 07:09:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Guenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2938077552-1955730345-1814954369-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} hxxp://www.king.de/ctl/kingcomie.cab (king.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{826C0208-EAE0-41E7-910B-2A40EB6544CF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A90020C-4138-47B4-93B4-73DD7E18E60B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.25 11:21:20 | 000,000,000 | -HSD | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.12.25 11:21:20 | 000,000,000 | -HSD | M] - F:\autorun -- [ NTFS ]
O33 - MountPoints2\{a1274d05-a6db-11df-ba3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1274d05-a6db-11df-ba3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 12:13:34 | 000,000,000 | ---D | C] -- C:\Users\Guenter\AppData\Roaming\Avira
[2012.10.10 12:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.10 12:08:08 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.10 12:08:08 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.10 12:08:08 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.10 12:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.10 12:01:26 | 000,000,000 | R--D | C] -- C:\Users\Guenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.10.06 11:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.06 10:05:54 | 000,000,000 | ---D | C] -- C:\Users\Guenter\AppData\Roaming\Malwarebytes
[2012.10.06 10:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 09:09:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.06 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\Guenter\AppData\Local\MFAData
[2012.10.06 09:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.10.06 09:09:13 | 000,000,000 | ---D | C] -- C:\Users\Guenter\AppData\Local\Avg2013
[2012.10.04 13:43:09 | 000,000,000 | ---D | C] -- C:\Users\Guenter\Neuer Ordner
[2012.10.04 12:27:17 | 000,000,000 | ---D | C] -- C:\Users\Guenter\Viren Oktober2012
[2012.09.30 17:32:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.09.26 07:08:59 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012.09.23 23:07:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.09.23 23:07:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.09.23 23:07:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.09.23 23:07:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.09.23 23:07:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.09.23 23:07:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.09.23 23:07:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.09.23 23:07:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.09.23 23:07:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.09.23 23:07:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.09.23 23:07:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.09.23 23:07:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.09.23 23:07:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.09.23 23:07:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.09.23 23:07:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.09.19 21:34:21 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.19 21:34:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012.09.19 21:33:37 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.19 21:33:36 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2008.03.24 22:50:26 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\dao360.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 15:21:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.10 15:06:40 | 000,000,338 | -H-- | M] () -- C:\dvmexp.idx
[2012.10.10 14:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.10 14:49:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 14:49:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 14:49:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.10.10 12:08:36 | 000,017,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 12:08:36 | 000,017,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 12:08:18 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.10 12:05:36 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.10 12:05:36 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.10 12:05:36 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.10 12:05:36 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.10 12:05:36 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.10 12:01:26 | 000,000,412 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.10.10 12:01:12 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 11:57:48 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.10 11:57:48 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.10 11:57:47 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.09 09:58:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 09:58:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.04 10:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Guenter\defogger_reenable
[2012.09.30 16:54:04 | 000,000,000 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\6FD3.exe
[2012.09.30 15:54:08 | 000,000,000 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\9107.exe
[2012.09.30 14:52:21 | 000,000,000 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\28C.exe
[2012.09.30 14:26:40 | 000,000,369 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\7DA3.exe
[2012.09.30 07:06:08 | 000,000,000 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\2A3B.exe
[2012.09.30 01:21:03 | 000,000,000 | ---- | M] () -- C:\Users\Guenter\AppData\Roaming\65D6.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 12:08:18 | 000,002,001 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.04 10:43:52 | 000,000,000 | ---- | C] () -- C:\Users\Guenter\defogger_reenable
[2012.09.30 16:54:04 | 000,000,000 | ---- | C] () -- C:\Users\Guenter\AppData\Roaming\6FD3.exe
[2012.09.30 15:54:08 | 000,000,000 | ---- | C] () -- C:\Users\Guenter\AppData\Roaming\9107.exe
[2012.09.30 14:52:21 | 000,000,000 | ---- | C] () -- C:\Users\Guenter\AppData\Roaming\28C.exe
[2012.09.30 14:26:40 | 000,000,369 | ---- | C] () -- C:\Users\Guenter\AppData\Roaming\7DA3.exe
[2012.09.30 07:06:08 | 000,000,000 | ---- | C] () -- C:\Users\Guenter\AppData\Roaming\2A3B.exe
[2012.09.30 01:21:03 | 000,000,000 | ---- | C] () -- C:\Users\Guenter\AppData\Roaming\65D6.exe
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.29 09:49:39 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.05 12:44:54 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{C2204A22-3752-4B1E-BB0D-11C5F8660FB1}.dat
[2011.02.07 09:37:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.21 16:51:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-2938077552-1955730345-1814954369-1001\$e4e2387dd36a5164784242aceb67fb54\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$e4e2387dd36a5164784242aceb67fb54\n.
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---
[/code]

Alt 10.10.2012, 15:26   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.25 11:21:20 | 000,000,000 | -HSD | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 04:56:50 | 000,000,036 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.12.25 11:21:20 | 000,000,000 | -HSD | M] - F:\autorun -- [ NTFS ]
:Files
C:\Users\Guenter\AppData\Roaming\*.exe
F:\autorun
F:\autorun.inf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 15:40   #26
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Muss ich das im abgesicherten Modus machen - oder genügt hier den OTL als Administrator zu öffnen?

Alt 10.10.2012, 15:49   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Alles nach Möglichkeit im normalen Modus machen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 15:55   #28
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



OTL-Bericht ist eingetrudelt nachdem PC neu gestartet hat.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
F:\autorun.inf moved successfully.
File  not found.
========== FILES ==========
C:\Users\Guenter\AppData\Roaming\28C.exe moved successfully.
C:\Users\Guenter\AppData\Roaming\2A3B.exe moved successfully.
C:\Users\Guenter\AppData\Roaming\65D6.exe moved successfully.
C:\Users\Guenter\AppData\Roaming\6FD3.exe moved successfully.
C:\Users\Guenter\AppData\Roaming\7DA3.exe moved successfully.
C:\Users\Guenter\AppData\Roaming\9107.exe moved successfully.
F:\autorun folder moved successfully.
File\Folder F:\autorun.inf not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Guenter\Downloads\cmd.bat deleted successfully.
C:\Users\Guenter\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 80055 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guenter
->Temp folder emptied: 4174343306 bytes
->Temporary Internet Files folder emptied: 3239809330 bytes
->Java cache emptied: 184008 bytes
->FireFox cache emptied: 55561565 bytes
->Flash cache emptied: 568 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 718496886 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 4411440 bytes
 
Total Files Cleaned = 7.814,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10102012_164423

Files\Folders moved on Reboot...
C:\Users\Guenter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 10.10.2012, 15:55   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.10.2012, 16:02   #30
guennis1960
 
Antivir  schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - Standard

Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne



Ist der Vorgang zum Up Channel bei Windows 7 gleich dem von windows xp?

"Bescheid"

Antwort

Themen zu Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne
antivir, antivirus, avira, eingefangen, erschein, erscheint, gefangen, geklappt, löschen, meldung, minute, minuten, neu, premium, quarantäne, quelle, recycle.bin, tagen, tr/atraps.gen, tr/sirefef.abx, tr/sirefef.w.16896, ultima, versehentlich, versuch, versucht, viren, windows, windows 7




Ähnliche Themen: Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne


  1. Windows 7: C:\Program files\Desktop\Google\...usw-> TR/Sirefef.A.37 und TR/ATRAPS.Gen2, Antivir kann Sie nicht in die Quarantäne verschieben
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (13)
  2. Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (23)
  3. tr/sirefef.16896 und tr/atraps.gen2; wie bekomme ich die weg?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (17)
  4. TR/Sirefef.16896 und TR/ATRAPS.Gen2 im Papierkorb-Verzeichnis (Win7 x64)
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (5)
  5. TR/ATRAPS.Gen2 und TR/Sirefef.W.16896 in C:\$Recycle.Bin\S-1-5-18\......
    Plagegeister aller Art und deren Bekämpfung - 19.09.2012 (3)
  6. TR/Sirefef.16896 und TR/ATRAPS.Gen2 auf Laptop gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (33)
  7. TR/ATRAPS.Gen2 und TR/Sirefef.16896 lässt sich nicht entfernen
    Log-Analyse und Auswertung - 06.09.2012 (33)
  8. TR/ATRAPS.Gen2, TR/Sirefef.16896 (in C:\Windows\Installer\...) und W32/Patched.UA (C:\Windows\System32\services.exe)
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (5)
  9. Trojaner geangelt TR/ATRAPS.Gen2 TR/Sirefef.16896
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (38)
  10. multipler Befall: ATRAPS.Gen2, Sirefef.16896, BDS/ZeroAccess
    Log-Analyse und Auswertung - 29.08.2012 (13)
  11. TR/Winwebsec.AJ.14;BDS/ZAccess.W;EXP/JAVA.Teqwari.gen;TR/Agent.2049;TR/ATRAPS.gen2 und TR/sirefef.16896 von AVIRA gefunden
    Log-Analyse und Auswertung - 21.08.2012 (12)
  12. Trojaner TR/ATRAPS.Gen2 und TR/Sirefef.16896 lassen sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (5)
  13. Avira: Wiederholte Warnung zu TR/ATRAPS.Gen2 und TR/Sirefef.16896
    Log-Analyse und Auswertung - 15.08.2012 (1)
  14. TR/Sirefef.16896 und TR/ATRAPS.Gen2 wurden gefunden.
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  15. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  16. Antivir meldet ständig Probleme mit TR/ATRAPS.Gen2 und TR/Sirefef.AG.35
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (23)
  17. ANTIVIR meldet tr/sirefef.gc.1 und ATRAPS Gen2 - Was kann ich tun? Anbei Logs
    Log-Analyse und Auswertung - 13.06.2012 (1)

Zum Thema Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne - unter Probramme ist alles in Ordnung. Nur kann ich im Laufwerk F. meine Bilder nicht mehr öffnen - Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne...
Archiv
Du betrachtest: Antivir schickt Viren (TR/ATRAPS.Gen2 + TR/Sirefef.W.16896) in Quarantäne auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.